2FA is the biggest bane to my productivity in the last 15 years, no part of my work life should require me to pull out my magic distraction device.
this post was submitted on 22 Aug 2023
381 points (98.7% liked)
Technology
33586 readers
228 users here now
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
founded 5 years ago
MODERATORS
No offense to companies but I'm honestly sick of companies forcing 2fa. Every single one seems to have a different shitty way of doing it. Like why on earth do I need two different authenticator apps on my phone (authy&google authenticator)? Some do sms/phone number, but then yell at you and prevent you from doing 2fa if you have a "bad phone number". This happened on discord where I'm locked out of certain servers because I can't do phone verification, and I can't do it because discord doesn't like my phone number. Twitter was the same way for a long while (couldn't do 2fa/phone verification due to them not liking my number).
From the article it sounds like they're doing authenticator app or sms. I'm guessing sms won't work for me, so app it is. I decided to dig to see which authenticator app they use and they list: 1password, authy, lastpass, and microsoft.... no google?
Honestly, even email requirements for accounts is annoying because you know it just ends up spamming you. is the future where we're gonna have to have 30 different authenticator apps on our phone?
Oh noes, 2 different authenticators? Between my two jobs I need: Google Authenticator, Microsoft Authenticator, Duo, CyberArk, Okta, Impriviata, and I must have LastPass for password management. Everyone demands their particular flavor of security. Not to mention I have to login to all of these 40 something accounts every 29 days so they don't expire. Please, someone just everyone switch to a password-free security system like Microsoft Authenticator has and let's just get rid of the song and dance of picking a new password all the time.
load more comments
(2 replies)
Google Auth works just fine. The standard for app generated 2FA is, well, standard. They're only listing a non-complete list of options for people that don't know what an authenticator app is and need to get one for the first time.
The google auth which transmits your totp code in plaintext to there servers?
That is the specific app the person I replied to was asking about, so yea. Would have been a little weird if I was talking about some other app.
do all authenticators work for all services?
Mostly yes. I use Duo for everything.
Mostly. The 6 digit standard ones that you see almost everywhere are standard TOTP codes and most apps work for them. There are some proprietary things out there too but you typically see those with a matching app from the same company. Those are far less common though so for practical reasons you can assume they are all interchangeable.
Those values are computed separately what the app is really storing is just the input values which are then combines with the current time to create the 6 digit code. That means that keeping that input value (seed) safe is a big deal, and how and where that is done is one of the major differentiators between the various options.
load more comments
(20 replies)