Hacker News new | ask | show | jobs
by stephenr 87 days ago
So don't give them your phone number.

Arguing against 2FA is like arguing that they shouldn't bash your password because it means you can't see your password to help remember it.
2 comments
bjourne 86 days ago
Um, no? Arguing against 2fa is I don't want to cede even more PII with the American tech oligopoly which, no doubt, will share said PII with the American regime.
link
stephenr 86 days ago
What PII?

You store a TOTP secret on your <device>....

It's less PII than an ssh public key because it's literally just a random string, that *they* generated, and you only need it for the web UI.

So please tell me how the Americans are going to track and identify you through a fucking TOTP secret.

link
bjourne 86 days ago
My phone number dumbo.
link
stephenr 86 days ago
Why would you use a phone number for 2FA. It's like saying you only use md5 hashing for passwords.
link
stephenr 86 days ago
s/bash/hash/
link