Comments
-
I run my SMS through an XMPP gateway I run via jmp.chat, so if that goes down I would be fucked for a bit too.
2FA is everywhere because the vast majority of people still reuse the same 3~4 passwords and can't even be fucked to come up with a deterministic password system, much less use a password manager.
I know deterministic password algorithms aren't the best, but a good one requires an attacker to get at least 5+ of your passwords to begin to figure it out (which is what happened to that one Gentoo maintainer).
Password managers still run into the same issue as 2FA. A cloud one could get hacked and an encrypted or local one could have you lose everything with one data failure.
-
whimsical102124h @djsumdog yes, but I prefer that users are responsible for their passwords themselves instead of forced security. Including password requirements like special chars. None of it is needed; trust your users, push responsibility on them. Don't agree? Make 2FA optional, and regarding password strength, everyone has it in their own hands.
-
D-4got10-01238117h @djsumdog > 'Password managers still run into the same issue as 2FA. A cloud one could get hacked and an encrypted or local one could have you lose everything with one data failure.'
Quite true. Happened at least to LastPass, IIRC. Although, if memory serves, if one had a good master password they were safe.
For a long time, I've vouched for non-2FA because I expect it to work against me before it is ever a benefit. Now, I have the mail server down. I need to log in to repair it. I log in and out of nowhere: 2FA. It sent the code to my e-mail. OK, I'm fucked. So I call their phone number and it said "Sorry, we can't respond in person because of the high load" (something like that). Well, this is an issue that an automated bot won't fix for sure.
This server won't be fixed anytime soon. But the 2FA, I knew it! Please make it optional and don't force it on users. Through e-mail is a bad idea by design; do an SMS or something, something that is not dependent on the hosting services.
rant
aarrghhhh