It always annoys me that SMS is less secure than other methods, yet 90% of sites seem to want you to add a phone number as a recovery method anyway meaning you can just bypass everything else
this post was submitted on 20 Mar 2025
5 points (100.0% liked)
Hacker News
981 readers
320 users here now
Posts from the RSS Feed of HackerNews.
The feed sometimes contains ads and posts that have been removed by the mod team at HN.
founded 6 months ago
MODERATORS
It's to track you, plus it's the easiest to implement, so it's win win for them. Without some sort of regulation against it, companies will always do what is most profitable.
It’s not about security, it’s about data mining
You're password is 100% non crackable assuming the services you use take password security super seriously
Spoiler alert: they don't
I'd be more inclined to use 2FA if the second factor wasn't usually a mobile phone, which can easily (much more easily than a laptop or desktop pc) be lost, be stolen or break, is harder to repair, and generally running software that is far more insecure than what is running on my PCs, especially if you get into the specifics of how that 2FA works - SMS isn't secure, and authenticator apps generally require the official app store (Google or Apple), i.e. they don't work well on something like LineageOS or GrapheneOS.
You can probably use something like Yubikey or a more privacy-friendly authenticator app on Github, but many other services won't give options like that.
Aegis is compatible with Google Authenticator, works with Graphene, and allows encrypted backups.
Aegis also let's you be power user, you can share your 2fa generators with other people, I've been needing independent way to access many accounts with a family member and aegis makes it the easiest.