• SkaveRat@discuss.tchncs.de
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        how would they track you?

        The reason they want a phone number is, that it’s a relatively cheap way to ensure people not signing up bots galore, as getting phone numbers en masse is a lot harder than getting email accounts

        • Otome-chan@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          phone numbers are typically tied to your name/identity, and phone companies can locate you using their towers and such. Giving a company your phone number is identical to giving a company your full legal name and address.

          • _number8_@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            yeah, no idea why you’re getting downvoted, it’s clear why companies are so eagerly embracing and requiring 2FA – if the benefits were only for the consumers, it wouldn’t be mandated anywhere near this quickly. but when they know they get a real human phone tied to every account, that’s a huge motivation

  • Otome-chan@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    No offense to companies but I’m honestly sick of companies forcing 2fa. Every single one seems to have a different shitty way of doing it. Like why on earth do I need two different authenticator apps on my phone (authy&google authenticator)? Some do sms/phone number, but then yell at you and prevent you from doing 2fa if you have a “bad phone number”. This happened on discord where I’m locked out of certain servers because I can’t do phone verification, and I can’t do it because discord doesn’t like my phone number. Twitter was the same way for a long while (couldn’t do 2fa/phone verification due to them not liking my number).

    From the article it sounds like they’re doing authenticator app or sms. I’m guessing sms won’t work for me, so app it is. I decided to dig to see which authenticator app they use and they list: 1password, authy, lastpass, and microsoft… no google?

    Honestly, even email requirements for accounts is annoying because you know it just ends up spamming you. is the future where we’re gonna have to have 30 different authenticator apps on our phone?

    • library_napper@monyet.cc
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Anyone who claims they’re doing OTPs over SMS for “security” ia lying to you. Discord wants your phone number; it has nothing to do with your security

      • Otome-chan@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        there’s quite a lot of services that want phone for verification/2fa/whatever. whenever I run into them I usually just refuse to use the service altogether.

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I don’t like how a lot of things require their own custom app, especially when there’s no automatic notification. I need to try and remember what the app is called, open it, navigate through, then approve it

    • jana@leminal.space
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Print off your recovery codes and keep them safe. If you want to be extra, hammer them into metal plates like the crypto weirdos do.

      • argv_minus_one@beehaw.org
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Printing recovery codes would require me to either be price gouged by the printer ink cartel or use someone else’s printer, and using someone else’s printer is begging to get my account stolen.

        I have no idea how to hammer things into metal plates, but I’m guessing that’s even more expensive than printer ink.

          • argv_minus_one@beehaw.org
            link
            fedilink
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            I can do that with alphanumeric codes, yeah, but can I get alphanumeric codes from GitHub, or is it going to be a QR code? I can’t write down a QR code…

            • faerbit@feddit.de
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              1 year ago

              QR codes are just an encoding. Just use any half-competent QR code app, and it will give you it’s content, which you can then write down. For the reverse you can use any QR code generator.

  • Gamey@feddit.rocks
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    Good, people are fucking stupid and if it effects others it’s often better to choose the security for them!

    • NekuSoul@lemmy.nekusoul.de
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Yup. I’m actually a bit baffled by how much negativity/misinformation there’s around 2FA even in a place like this, which should naturally have a more technically inclined userbase.

      • daYMAN007@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Well negativity is there because every app wants it.

        I don’t care if account x is compronised, as it has absolutly no value

    • faerbit@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Hard disagree. I do not want to have 2FA for every shittly little thing I do not care about.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Specifically app-based 2FA, ideally Google Authenticator based. There are tons of great authenticator apps available that are all compatible, so it should absolutely be preferred over SMS or email.