Y
Hacker News
new
|
ask
|
show
|
jobs
by
ipaddr
39 days ago
2FA has been in place for years through email but this new requirement forces a phone.
1 comments
ceejayoz
39 days ago
Good. E-mail based 2FA is bad, and they appear to support TOTP too as an option, as they should. Wish they supported U2F though.
link
ipaddr
39 days ago
Why is email based 2fa bad but phone good? There are classes of issues you get through phone 2fa compared to email
link
ceejayoz
39 days ago
Typically, you can also reset password via email, so it's really only one factor. Compromised email = compromised server.
link