this post was submitted on 22 Aug 2023
1 points (100.0% liked)

Technology

34865 readers
42 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
all 20 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago (3 children)

No offense to companies but I'm honestly sick of companies forcing 2fa. Every single one seems to have a different shitty way of doing it. Like why on earth do I need two different authenticator apps on my phone (authy&google authenticator)? Some do sms/phone number, but then yell at you and prevent you from doing 2fa if you have a "bad phone number". This happened on discord where I'm locked out of certain servers because I can't do phone verification, and I can't do it because discord doesn't like my phone number. Twitter was the same way for a long while (couldn't do 2fa/phone verification due to them not liking my number).

From the article it sounds like they're doing authenticator app or sms. I'm guessing sms won't work for me, so app it is. I decided to dig to see which authenticator app they use and they list: 1password, authy, lastpass, and microsoft.... no google?

Honestly, even email requirements for accounts is annoying because you know it just ends up spamming you. is the future where we're gonna have to have 30 different authenticator apps on our phone?

[–] [email protected] 1 points 1 year ago

Like why on earth do I need two different authenticator apps on my phone (authy&google authenticator)?

you... don't?

Both of these implement exactly the same protocol (TOTP). Used authy for all my ~~Top Of The Pops~~ Time-based one-time password needs exclusively, before moving everything to bitwarden

[–] [email protected] 1 points 1 year ago (1 children)

Anyone who claims they're doing OTPs over SMS for "security" ia lying to you. Discord wants your phone number; it has nothing to do with your security

[–] [email protected] 1 points 1 year ago

there's quite a lot of services that want phone for verification/2fa/whatever. whenever I run into them I usually just refuse to use the service altogether.

[–] [email protected] -1 points 1 year ago

Oh noes, 2 different authenticators? Between my two jobs I need: Google Authenticator, Microsoft Authenticator, Duo, CyberArk, Okta, Impriviata, and I must have LastPass for password management. Everyone demands their particular flavor of security. Not to mention I have to login to all of these 40 something accounts every 29 days so they don't expire. Please, someone just everyone switch to a password-free security system like Microsoft Authenticator has and let's just get rid of the song and dance of picking a new password all the time.

[–] [email protected] 1 points 1 year ago (2 children)

2FA is the biggest bane to my productivity in the last 15 years, no part of my work life should require me to pull out my magic distraction device.

[–] [email protected] 1 points 1 year ago

I don't like how a lot of things require their own custom app, especially when there's no automatic notification. I need to try and remember what the app is called, open it, navigate through, then approve it

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

Use a password manager that lets you autofill 2fa, like Bitwarden.

[–] [email protected] -1 points 1 year ago

That's bad advice

[–] [email protected] -1 points 1 year ago (1 children)

Good, people are fucking stupid and if it effects others it's often better to choose the security for them!

[–] [email protected] 0 points 1 year ago (1 children)

Yup. I'm actually a bit baffled by how much negativity/misinformation there's around 2FA even in a place like this, which should naturally have a more technically inclined userbase.

[–] [email protected] 1 points 1 year ago

Well negativity is there because every app wants it.

I don't care if account x is compronised, as it has absolutly no value

[–] [email protected] -2 points 1 year ago (2 children)

2fa should be mandatory everywhere

[–] [email protected] 1 points 1 year ago

Hard disagree. I do not want to have 2FA for every shittly little thing I do not care about.

[–] [email protected] -1 points 1 year ago

Specifically app-based 2FA, ideally Google Authenticator based. There are tons of great authenticator apps available that are all compatible, so it should absolutely be preferred over SMS or email.