this post was submitted on 20 Mar 2025
6 points (100.0% liked)

Hacker News

1105 readers
550 users here now

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

founded 6 months ago
MODERATORS
patrick@lemmy.bestiver.se
rssbot@lemmy.bestiver.se
6
2FA or Not 2FA (mikhailian.mova.org)
submitted 1 week ago by rssbot@lemmy.bestiver.se to c/hackernews@lemmy.bestiver.se
9 comments fedilink hide all child comments
 

Comments

top 9 comments
sorted by: hot top controversial new old
[–] Infernal_pizza@lemm.ee 5 points 1 week ago (2 children)

It always annoys me that SMS is less secure than other methods, yet 90% of sites seem to want you to add a phone number as a recovery method anyway meaning you can just bypass everything else

[–] WhatAmLemmy@lemmy.world 4 points 1 week ago

It's to track you, plus it's the easiest to implement, so it's win win for them. Without some sort of regulation against it, companies will always do what is most profitable.

[–] Whitebrow@lemmy.world 3 points 1 week ago

It’s not about security, it’s about data mining

[–] bigboismith@lemmy.world 1 points 1 week ago

You're password is 100% non crackable assuming the services you use take password security super seriously

Spoiler alert: they don't

[–] rumschlumpel@feddit.org 1 points 1 week ago* (last edited 1 week ago) (2 children)

I'd be more inclined to use 2FA if the second factor wasn't usually a mobile phone, which can easily (much more easily than a laptop or desktop pc) be lost, be stolen or break, is harder to repair, and generally running software that is far more insecure than what is running on my PCs, especially if you get into the specifics of how that 2FA works - SMS isn't secure, and authenticator apps generally require the official app store (Google or Apple), i.e. they don't work well on something like LineageOS or GrapheneOS.

You can probably use something like Yubikey or a more privacy-friendly authenticator app on Github, but many other services won't give options like that.

[–] MoonMelon@lemmy.ml 2 points 1 week ago

I keep thinking I should get a hardware key but then the cost, potential incompatibility, and my own confusion over all the options always stops me. But I have also had phones just randomly not turn on one day, so the current solution is a file folder full of OTPs. Sucks.

[–] ThrowawayPermanente@sh.itjust.works 1 points 1 week ago (2 children)

Aegis is compatible with Google Authenticator, works with Graphene, and allows encrypted backups.

[–] faintwhenfree@lemmus.org 2 points 1 week ago

Aegis also let's you be power user, you can share your 2fa generators with other people, I've been needing independent way to access many accounts with a family member and aegis makes it the easiest.

[–] rumschlumpel@feddit.org 1 points 1 week ago

I was thinking more along the line of Steam's authenticator app.