by jorvi 860 days ago
> 2FA is very useful, but highly overrated.

What a bizarre statement. It protects you from any password leak.

If you have 2FA, even if you get keylogged or phished or breached or shoulder peeked, your intruder still does not gain access.

2 comments

Sorry, but my Article and Walmart.com accounts do not need 2FA. I'm fine with OTP, but most places use SMS 2FA, which exposes a unique identifier for myself and -- due to SIM swapping, which is a risk on literally every major carrier due to horrible customer service operations -- often makes it easier for a malicious actor to hijack my account.

You're generally correct, though: GOOD 2FA is not overrated and I would welcome it on any account. But it's obnoxious that almost every account I have uses SMS as a singular point of failure. I'd welcome a move back to email 2FA with a backup email for account recovery.

Apparently MFA in practice mainly protects against credential stuffing:

https://hn.algolia.com/?dateEnd=1705017600&dateRange=custom&...