undefined | Better HN

0 pointscr125rider1y ago0 comments

That’s fair. Can I have it backup sync to iCloud so I’d lose my phone I can get a new one? I think that’s a usability vs. security risk we’re gonna have to be okay with. People aren’t going to be able to have multiple devices.

0 comments

3 comments · 1 top-level

cedws1y ago· 2 in thread

>Can I have it backup sync to iCloud so I’d lose my phone I can get a new one?

Then your accounts are only as secure as your iCloud account, which I wouldn't count on, and you've undermined the purpose of 2FA entirely.

There's no way around this - 2FA needs to be bound to a single physical device if you want to benefit from it.

JumpCrisscross1y ago

> your accounts are only as secure as your iCloud account, which I wouldn't count on, and you've undermined the purpose of 2FA entirely

This is extreme. Uploading your 2FA to an encrypted cloud like iCloud widens your circle of trust. But it also increases convenience and utility.

I personally take the best of both worlds. A synced 2FA for most accounts. And a locked one for my critical ones, e.g. 1PW. If I couldn't sync any accounts I wouldn't bother turning on 2FA for most because the downside is low and, ultimately, probably someone else's problem to clean up.

Marsymars1y ago

> There's no way around this - 2FA needs to be bound to a single physical device if you want to benefit from it.

Depends what the benefit is.

From the PoV of my bank, the benefit is that people who use “Password123!” for all of their accounts don’t get their accounts trivially compromised.

From my PoV, the benefit of TOTP 2FA is that my password manager can fill it all in automatically rather than having to find my phone and type in SMS numbers manually. (As a non-iOS user - if you’re on iOS you can have your SMS 2FA codes put in automatically.)

j / k navigate · click thread line to collapse