I haven't used a phone 2fa forever, but it was a much better system than this "email me a code" BS.
But you're right, it's not perfect but has gotten better. Just in time to be of no use thanks to email BS.
What's 2fa token? Is that an AI thing? AI uses tokens. Or a crypto thing? Do you need one of them "nonfungible" tokens? And what's an authenticator? I have MS authenticator for work, but it uses 2 digit numbers, are those tokens?
They exist so if someone watches over your shoulder while typing your password, they don't gain access to anything.
Relying on Google/Apple is no better, with the stories of people losing access to their (Google in particular) account, and not being able to recover or let alone even reach a human at Google to begin with.
Why not have a public service for this, instead of relying on big tech that can just revoke your account for any number of ToS "violations" without recourse? The solution for "normies" should not be rely on and trust Google with your entire digital identity.
State involvement may be better used in policing, too. Public repositories of leaked passwords (without usernames, of course) would do wonders, for example
Google frequently warns me that one of my passwords has compromised but I don't really care for those sites.
The State is always more difficult and dangerous to deal with than a private company.
Ridiculous.
Please stop right there. I want a password manager that I fully control, and lives on my own infrastructure (including sync between devices). Not reliance on someone else's cloud.
