remove 30-day re-auths
Requiring users to enter some code via sms every 30-days is just stupidity disguised as security theatre. These codes do nothing to further protect our data at-rest, nor do they validate identity. It's just another unnecessary hoop to jump through. If it wasn't a meaningless, pointless, futile exercise, you wouldn't have added a 30-day option to not-validate - you'd be validating with every new browser instance. We don't need another TSA in our lives.
emopausal
shared this idea
-
JDC0mmand0
commented
Why do you have the "trust this computer for 30 days" box on 2 factor authorization, if you don't actually trust the computer for even 2 hours? Why should I have to constantly do this every single time I log in to twitch?
-
TherapyGames42
commented
So this is my MAIN computing device, this is MY computer, why can I only sign on for 30 days on MY computer? There should be a check list for "permanent" and "temporary" instead of "30-days" because that's just kind of ignorant. I don't want to have to clear myself every 30 days just because I want 2-step verification, I just don't want any OTHER computers to sign in as me and want to be notified when any OTHER devices try to sign in as me, not me, on my laptop, signing in every freaking month because you can't keep me signed in for whatever reason.