
2FA often was a scam since they just abused your contact info which is a security breach.



Technical exploits are only a subset of fraud. Scams bypass 2FA with no problems.

2FA is only as good as the company that employs it otherwise it just gives people a false sense of security and privacy.

2FA scams are common on /r/Scams

2fa is a scam in part to force them to give up more data and in part to try to force people to use a government tracking device. Just remember this is Microsoft behind this.

There is nothing wrong with my username and password


2FA exists because sometimes ne'er-do-wells get your password. Phishing, guessing weak passwords, password reuse from sites that are hacked, the list goes on.

Agreed, 2FA is a good idea but it was never in the users' best interest to attain it via phone numbers. But when all these organizations saw an opportunity to couple a reliable phone number with what was otherwise, in most cases, an account having just an email address, they jumped on it.

I've noticed 2FA being turned on at family accounts without them noticing. Very crappy indeed. And it was the only 2FA method ...

Most 2fa is really just 2 1fa systems because people forget passwords or lose tokens.

Yeah, 2FA is mostly a euphemism for 'with a phone number'.

Kinda reminiscent of the mess with ID and SSN.


This is one of the reasons I don't trust 2FA. Too easy to lose access to online accounts.

Agreed. The whole app-based 2FA does not seem great in retrospect. I accidentally bricked my whole account, by simple user error. That's a good point, that it could just happen from a hardware malfunction as well.

Seems like most 2FA these days is based on the service sending you the code by text or email. Sounds like a much better approach.


Sometimes I think 2FA is a scam. It certainly makes it harder for legitimate users to log in, but hackers expect logging in to be difficult so I don't think it makes a difference for them. What I do know is that something is going to go wrong with your 2FA sooner or later.

In a corporate environment or a bank where you can show up in person it is one thing because you can re-enroll but for self-service vendors such as Facebook and Google it is just a matter of time before you get locked out and by 2045 or so those firms will not have any users left unless they do something about it.


Thank you. As a user only, 2FA at work sucks. I get locked out multiple times a day, I have to constantly have my phone on me, and I have had a few days where I can't get in for funky reasons, and now the service provider is forbidden from helping me. I get it might be more secure (I still hear about security breaches every couple months), but it is a horrible experience. I use 2FA personally, but in the B2B space there is seemingly no consideration for the user.

People aren't even up to 2FA. Every day lots of people lose access to things because they used 2FA.

I use crypto.com and they removed 2FA from me earlier in the week, asking me to set it up again. It was worrying as I wasn't sure if it was a scam, there was no reasoning behind it.

The only thing 2FA has been good for in my experience has been giving me a lot more junk calls. It should be outlawed in social media, and they should be required to build proper user support instead. Accounts are still being compromised regularly even with 2FA, it's tedious to use, and it only adds to PII overreach, as phones are becoming more involved in everyone's privacy and payment management.

This is a perfect example of casual protection and "failure downplaying" that social platforms conduct on serious volumes of personal data, and how it has become too commonplace as they warehouse private data that they really don't need.

A customer required me to use Skype for a meeting just the other day. It let me authenticate and verify an email account, but before I could even use it, it locked up and asked me for my phone number. This overreach is out of control.


Did we ever seriously doubt that? 2FA is just a made-up reason to have your phone number anyway, all the services that require that don't really want anything other than that.

There were also cases of attackers tampering with the phone system to intercept 2FA tokens. Much better is authenticator-app-based or hard-token-based 2FA.

I think the hackers were attacking the initial sign-up, not already created accounts. So I don't see how you could use 2FA.