• Beefalo@midwest.social
    1 year ago

    I’m pretty iffy on 2FA. I’m using it for several things but I don’t like that my one and only option for that is this one smartphone. If I drop the phone in a lake, I can’t do Google anything anymore, or do some other crucial things. If I decide to step down to a dumb phone, no, I can’t. I’m just locked into this permanently, now. Half the internet is off limits if I lose, break, or decide to get rid of my phone.

    I’ve gone from having two options for net access - phone and PC - so a primary and a backup, to having one option, both of them at once, and one is none.

    It’s a single point of failure that’s already vulnerable to SIM swap attacks and even shoulder surfing. You’re highly reliant on the target org you’re logging into, and whether their setup process is janky.

    2FA makes sense in broad theory, it doesn’t make sense in practice, where no options except for your one and only smartphone exist for 2FA. They’ve not developed some other method and don’t appear to be trying. It’s just that or fuckin nothing.

    It should be smartphone plus other thing as 2FA options, so the phone can be lost, stolen, destroyed, without leaving you up shit creek, and yet that other thing refuses to show itself.

    • couragethebravedog
      1 year ago

      and yet that other thing refuses to show itself

      You can buy a dedicated 2FA device. You can set your Google account to use the hardware key instead of SMS verification. I don’t use SMS 2FA on any of my accounts. Hardware security keys are inexpensive and work when you lose the phone. YubiKey offers numerous products that do what you want. You can also have 2FA keys on your smartwatch.

    • Riyria@sopuli.xyz
      1 year ago

      Yeah, that’s always been my hesitation, and I don’t really have the physical assets, financial assets, or intellectual property that would really demand the need for 2FA on all of my accounts.