undefined | Better HN

0 pointsillusive40801y ago0 comments

But you can use any totp authenticator. The protocol is free and open.

0 comments

userbinator1y ago

It's more to make the point that "no means no." An act of protest.

(I have written a TOTP implementation myself. I do not have a GH account, and likely never will.)

Dylan168071y ago

It's ridiculous to say "no means no" about not wanting to use a password to get an account, right?

What makes TOTP different from a password in terms of use or refusal?

ndriscoll1y ago

Browsers don't save the TOTP seed and auto fill it for you for one, making it much less user friendly than a password in practice.

The main problem I have with MFA is that it gets used too frequently for things that don't need that much protection, which from my perspective is basically anything other than making a transfer or trade in my bank/brokerage. Just user-hostile requiring of manual action, including finding my phone that I don't always keep on me.

It's also often used as a way to justify collecting a phone number, which I wouldn't even have if not for MFA.

2 more replies

j / k navigate · click thread line to collapse