undefined | Better HN

0 pointsneartheplain5y ago0 comments

Printed/saved backup codes are still an option. Can also attach multiple 2FA tokens to one account. That's what Google and many others provide. Their customers seem satisfied.

0 comments

freebuju5y ago

> Printed/saved backup codes are still an option

Vast majority of users don't bother with such complexities.

SMS is the easiest minimum entry barrier to 2FA. It is better than having just passwords.

jfrunyon5y ago

> It is better than having just passwords.

That is false. Many incidents have been widely reported where huge names, who certainly could afford even a $50 hardware token to protect their reputation/brand, were 'hacked' because they thought SMS 2FA protected them - and it didn't. Even with services which do also offer TOTP or U2F etc.

emit_time5y ago

It is better. It’s just not perfect.

decrypt5y ago

>Can also attach multiple 2FA tokens to one account

This is new to me. Most websites that I have seen offer only one 2FA token, but it could be scanned on any number of TOTP apps.

zaphirplane5y ago

I disabled some 2fa cause I once replaced my phone without following some script to copy across the 2fa app

Luckily I was still signed in on a computer

j / k navigate · click thread line to collapse