I'm gonna rant about how Discord does not let you disable 2FA after having it enabled if you forget the code they provide for cases where you don't have access to the 2FA in the first place and I lost a damn account to that :/

2FA is so annoying sometimes. I dropped my phone and it completely broke. There were some services which had a way to deal with this situation. Others which didn't.

This renderred TOTP unusable to me, unless automatic backups are made and sent to some other device via SyncThing. The downside is that, even if you encrypt the vaults, the fact itself is easily discoverable and it would only take one master password to crack it open with that second device.

Again, it's up to your threat modelling, but me inadvertently disabling backups may be the end of me someday, haha!

Real men use the drcc matrix chat

well - don't enable 2fa in the first place

@retoor Did not know they would not have the disabling as an option when needed, seeing how everyone in my experience except them seems to have it as a feature.

If you lose the backup keys or only store them on 1 device it's your own damn fault and not "service XYZ being stupid"
What's the point of 2FA if it can just be bypassed/disabled for convenience?
Especially discord is heavily targeted by account takeover scammers, e.g. scanning a qr code browser-in-the-browser phishing or dragging a bookmark scriptlet

@devRancid Look, I don't apprecoate the tone here. I do confess, though, that I was not thinking ahead and something truly unforeseen happened...