Especially for personal accounts.
I get why a corporation would require it for employees…
But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.
Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my Post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their bitwarden vaults. I kinda hate it, especially on such sort notice (less than 10 days).
I despise 2fa. I hate needing my phone within reach at all times, especially considering it’s a device I don’t own, I don’t have root on. There must be a better way.
In today’s world, MFA (multifactor authentication) is a necessity for literally any account in which you store information you don’t want to be stolen by someone. I’m more upset that several services I use still don’t support it, or only support MFA via text or email, neither of which is secure enough to be of much use.
You don’t want the place where you store your passwords, likely including your bank account, health insurance, social media accounts, etc. to be more difficult to hack? You live in a post-quantum world. Passwords aren’t enough.
100% agree with the exception that 2FA over SMS or email needs to die, along with the “magic link” style of signing in.
Why is everyone so slow to implement FIDO2?
Agreed. But I think it’s evident even in these threads why companies are slow to adopt. Lemmy is still a niche corner of the internet predominantly used by technology savvy people, and yet you see folks here saying that they hate the inconvenience of it. Less tech adept users are more likely to dislike the additional friction.
Maybe I’ve been in the Apple garden too long but Passkeys make this easy enough for any idiot.
Now if websites would stop prompting for a password and just use passwordless authentication I’d be happy.
In fact I did this for my own business in one day using Authentik as SSO like three years ago. What’s the holdup?
This is the correct answer. MFA should be enforced for literally every account you have, and the method should be app-based or a hardware token.
It turns out that people en masse are lazy and will use the same simple password for all their accounts and then wonder how they got hacked. People in tech for the past 30 years or so struggled with the difference between theory and practice when it came to user psychology, and I am happy that we are finally starting to realize the user psychology aspect and just force them to be secure.
Disagree. So much money is lost because of simple password auth. Mandatory mfa fixes nearly all of it.
I hate it. It should be my choice. Not all of my accounts need to be super secure. It sucks enough already when my phone breaks or something I don’t need to be locked out of everything
This is something thats actually scary. Phones are so necessary now that when it breaks you could be digitially stranded, unable to log in to anything
I remember reading of a privacy-aware couple who were each others’ “backups” in case one lost access. Well, they lost their house in a fire, along with their personal backups, and their “backup person” couldn’t access their cloud backups either.
I’m an old-fashioned believer in the 3-2-1 -rule. Three copies of important data, two of them on different media, and one offsite. And make sure you can access all of them without the other two.
So like one password database on phone (even if it’s offline, like most password apps have); one on the computer (like you probably want for use too?), and one in the cloud without need of either device or anything onsite to unlock (in my case, I’ve set up Bitwarden emergency access to someone in another country, and have a second Yubikey with a more local friend).
I just hate it when the only 2fa option is my phone number.
