Y
Hacker News
new
|
ask
|
show
|
jobs
by
ceejayoz
41 days ago
Of all the things to be upset about, mandatory 2FA doesn't seem like one.
1 comments
ipaddr
41 days ago
2FA has been in place for years through email but this new requirement forces a phone.
link
ceejayoz
41 days ago
Good. E-mail based 2FA is bad, and they appear to support TOTP too as an option, as they should. Wish they supported U2F though.
link
ipaddr
41 days ago
Why is email based 2fa bad but phone good? There are classes of issues you get through phone 2fa compared to email
link
ceejayoz
41 days ago
Typically, you can also reset password via email, so it's really only one factor. Compromised email = compromised server.
link