undefined | Better HN

0 pointsmbesto4y ago0 comments

> 1. For large swaths of the population, hardware key-based 2FA or TOTP-based 2FA are too difficult to use, and they can also be more difficult to remediate if the user loses the hardware key or TOTP secret.

This doesn't mean software providers should not offer the ability to use TOTP instead of SMS. This irritates me to no end when applications force me to establish MFA using SMS before I can also establish TOTP.

0 comments

1 comments · 1 top-level

walrus014y ago

And sometimes no way to remove the sms ability to reset an account credentials for login even after totp is set up.

1 more reply

j / k navigate · click thread line to collapse