herbst · 4 years ago
Oh f*. I was just talking about how it's only a matter of years until I need a phone to sign in everywhere, then this.

2FA is literally the only reason I have to keep a phone. And sites that require a phone number for 2FA are rising too, sure I want to link my identity to every single website I log in to. Sure let's ignore how insecure SMS is and that I can't actually own a number.

As someone who just uses virtual numbers I am basically locked out of things like Twitter and dozens of random websites who think SMS proves anything.

And if I want a Twitter account, or 50 of them, I just rent numbers for a few cents. Basically just costing a little money and an additional click. What should that protect?

Why TF do I need a phone and phone number to use the internet? What went wrong there?

/Rant over

pjmlp · 4 years ago
SMS is the easiest way to have 2FA for the common people on the street, you know, those for whom using any kind of gadget is already too much, and who make up a large majority of the human population.
tfigment · 4 years ago
It seems like many abandoned the Google and Microsoft authenticator apps and force the phone SMS, which is annoying.
WORMS_EAT_WORMS · 4 years ago
I made the mistake of installing Google Search on my iPhone and logging in.

It automatically changed all my email two-factor auth to use the application instead of a SMS.

The only issue - I uninstalled the app pretty quickly.

I can’t prove this. I swear the UX changed even each time I would go to the settings and it knew I was looking to change that setting. Eventually I was able to switch back.

I’m glad they are doing this, but I hate that they automatically lump me in and decide things for me. Yes, I want the risk of SMS two factor auth. Yes, I want to set up everything manually.

JohnFen · 4 years ago
2FA is such a PITA. This sounds like just the thing to finally prod me to eliminate Google from my life entirely!
Jxl180 · 4 years ago
I’m honestly baffled by your take. Are you suggesting whatever ecosystem you move to is hinged on your ability to forgo 2FA? That’s like only hooking up with people who don’t require me to wear a condom. I can’t imagine living my life with that much risk. Even if I move from Google, 2FA is the first thing I’m setting up.
JohnFen · 4 years ago
> Are you suggesting whatever ecosystem you move to is hinged on your ability to forgo 2FA?

No, I'm saying that 2FA provides a great deal of friction and inconvenience (and, if a phone is involved, it requires disclosing PII), so the benefit of a company's service has to be worth the hassle and maybe data leakage of it. In Google's case, for me, it's not.

benbristow · 4 years ago
Can't say I disagree with this. I've been using 2FA on anything that supports it via Bitwarden's built-in TOTP support for a while now (my Bitwarden is also protected by TOTP).

Autofill username/password and the token is automatically copied to the clipboard on both desktop & iOS for inputting after entering credentials. Painless and secure.

brinox · 4 years ago
It's very convenient, yes.

If your Bitwarden vault is compromised however, you only have a single factor, because both the password and the TOTP secret are stored in the same place.