undefined | Better HN

0 pointsdanwee3y ago0 comments

Not only that. Many banks and government services nowadays require a phone (and/or phone number) as well. Their excuse? MFA. So idiotic. I can understand that they want to improve auth for the vast majority of their customers, but don't make it mandatory FFS!

0 comments

ThunderSizzle3y ago

Too many people, even here, praise MFA when they reveal how weak their passwords are.

I've never had an auto generated password get broken into. Password databases should've been the solution everyone pushed, not 2FA.

Also, it's really an attempt for these services to cut down on fakes and bots. Its easy to make new emails, but hard to get new numbers that aren't already black/brown listed.

Gud3y ago

What do you think is wrong with 2FA?

ThunderSizzle3y ago

As a user, it's not fast, user-friendly, or fail-tolerant. And all three of those vary heavily depending on the company implementing the 2FA.

A username/email and password is pretty simple and straight-forward. If I lose a password, I can reset it via my email. Therefore, the only account that should even consider MFA should be my email, since it's a gateway to everything else. But that also means my email shouldn't have to be connected to 20 other services.

tkiolp43y ago

2FA is fine. Being forced to use a mobile phone for 2FA is wrong.

j / k navigate · click thread line to collapse

0 comments

ThunderSizzle3y ago

Too many people, even here, praise MFA when they reveal how weak their passwords are.

I've never had an auto generated password get broken into. Password databases should've been the solution everyone pushed, not 2FA.

Also, it's really an attempt for these services to cut down on fakes and bots. Its easy to make new emails, but hard to get new numbers that aren't already black/brown listed.

Gud3y ago

What do you think is wrong with 2FA?

ThunderSizzle3y ago

As a user, it's not fast, user-friendly, or fail-tolerant. And all three of those vary heavily depending on the company implementing the 2FA.

tkiolp43y ago

2FA is fine. Being forced to use a mobile phone for 2FA is wrong.

j / k navigate · click thread line to collapse