Skip to content
Translate Ideas and Comments
Choose language:
There was an error during translation

Settings and activity

1 result found

  1. 327 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    walkendead_ commented  · 

    Absolutely. TOTP would let people use applications they already trust, like Google Authenticator. If they use password managers that support TOTP like 1Password, they don't have to use two applications to authenticate. Using non-standard 2FA makes users more dependent on your third-party provider, a relative nonentity who seems to think association with cryptocurrencies makes them look more trustworthy and not dodgy af. (In its most charitable reading, this calls their marketing competence into question.)

    I tend to use 2FA everywhere, but honestly, I'm concerned that Authy, in particular, makes me less secure than 1FA using a long, unique password from my password manager. It gives me new risks to manage, and no real information to help me quantify that risk. (The guilt-by-association wrt cryptocurrencies is suggestive and concerning; nothing is objective and mitigating.)

    I'm staying away from your 2FA solution for those reasons. Use standard TOTP, let me choose my provider, and I'm on it like a shot. (Or add FIDO/U2F so I can use my Yubikey.)

    walkendead_ supported this idea  ·