My personal conspiracy theory: the reason so many sites and services push for mandatory 2FA nowadays is to have an excuse to harvest phone numbers.

BeamBrain [he/him]@hexbear.net · 2 years ago

My personal conspiracy theory: the reason so many sites and services push for mandatory 2FA nowadays is to have an excuse to harvest phone numbers.

PorkrollPosadist [he/him, they/them]@hexbear.net · 2 years ago

Any 2FA that sends you an authentication code though SMS is masturbation. That “secret” code is getting broadcasted over the air in cleartext. Time-based OTP is the only reasonable solution.

ColeSloth@discuss.tchncs.de · 2 years ago

If you’re willing enough to intercept my text messenger data and hack my system to know my login credentials and password before doing it, I’ll just let you into my mcdonalds rewards account myself.

Yurt_Owl@hexbear.net · 2 years ago

I hate the ones that push their shitty 2fa app for only their one service

FuckyWucky [none/use name]@hexbear.net · 2 years ago

yes that and the fact that phone numbers are more difficult to create and keep compared to emails. you can have a hundred gmail accounts but you can’t have 100 SIM cards (yes there are VOIP numbers but those cost money too).

snooggums@midwest.social · 2 years ago

And companies frequently prohibit VOIP numbers from being used for 2fa.

BeanBoy [she/her]@hexbear.net · 2 years ago

Surely they have our best interests in mind

ChaosMaterialist [he/him]@hexbear.net · 2 years ago

No conspiracy necessary. Facebook went and did it.

Tabitha ☢️[she/her]@hexbear.net · 2 years ago

SMS is the least secure form of MFA that I’m aware of, so objectively, yes.

oscardejarjayes [comrade/them]@hexbear.net · 2 years ago

TOTP?

xor · edit-2 1 year ago

deleted by creator