Settings and activity

1 result found

1. Open standard 2FA with QR codes

   337 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   21 comments  ·  Account Management » Security and Privacy Settings  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   An error occurred while saving the comment
   walkendead_ commented  ·  Feb 1, 2020  ·  Edit…  ·  Delete…

   Absolutely. TOTP would let people use applications they already trust, like Google Authenticator. If they use password managers that support TOTP like 1Password, they don't have to use two applications to authenticate. Using non-standard 2FA makes users more dependent on your third-party provider, a relative nonentity who seems to think association with cryptocurrencies makes them look more trustworthy and not dodgy af. (In its most charitable reading, this calls their marketing competence into question.)

   I tend to use 2FA everywhere, but honestly, I'm concerned that Authy, in particular, makes me less secure than 1FA using a long, unique password from my password manager. It gives me new risks to manage, and no real information to help me quantify that risk. (The guilt-by-association wrt cryptocurrencies is suggestive and concerning; nothing is objective and mitigating.)

   I'm staying away from your 2FA solution for those reasons. Use standard TOTP, let me choose my provider, and I'm on it like a shot. (Or add FIDO/U2F so I can use my Yubikey.)

   Save Submitting...
   walkendead_ supported this idea  ·  Feb 1, 2020