I dont care for 2fa. Not interested in having my phone connected to my computer, and i dont like having an extra step when logging into stuff – especially an extra step that needs me to use a second device. Id honestly rather risk getting hacked over ever having to use 2fa again.
Use a Yubikey. It’s a small USB Device you can put on a keychain. It is still a second device, but it’s not your phone. And you always have your keys with you, anyway.
I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.
I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.
Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.
How many lies can I believe before I begin assuming everything is just another lie from a liar?
Guess im paranoid.
But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”
MFA (a better term IMO for this) has nothing to go with phones, per se.
It’s just about reducing risk by adding more proofs that the person claiming to have the right to do something has indeed the right to do something.
Unless you have excellent password hygiene (long, random, different for every single site and service) the likelihood of having an account taken over goes up quite fast. The overwhelming majority of the population doesn’t, so forcing a second factor is a good way to limit damage.
If you don’tt like the multi step process, look at psskeys. They aren’t perfect, but they offer nearly all the security benefits of MFA without having to go throughthrough multiple steps.
I dont care for 2fa. Not interested in having my phone connected to my computer, and i dont like having an extra step when logging into stuff – especially an extra step that needs me to use a second device. Id honestly rather risk getting hacked over ever having to use 2fa again.
This makes me mad but I have absolutely no justification. Like, it’s your life. But I am incensed. Godspeed.
Thank you for the grace.
Use a Yubikey. It’s a small USB Device you can put on a keychain. It is still a second device, but it’s not your phone. And you always have your keys with you, anyway.
Yubikey is closed source and likely steals your data
Please provide a source to justify the “likely steals your data” comment.
You can never know.
I see such logic hourly on lemmy
I’m sorry, I don’t see how your reply answers my request for providing a source for your claim.
You can never know.
He says having never dealt with having his identity stolen.
Correct. It solved a problem that didnt exist for me.
Why do you think you need to connect your phone to your computer?
You do know you can just generate codes and neither device will know of the others existence, right?
I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.
I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.
Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.
How many lies can I believe before I begin assuming everything is just another lie from a liar?
Guess im paranoid.
But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”
But then just don’t use google authentication and instead one of the FOSS alternatives? Aegis comes to mind.
Like the original reply to your situation said, you do you - but this seems a weird threat model to me, extra-step point notwithstanding.
MFA (a better term IMO for this) has nothing to go with phones, per se.
It’s just about reducing risk by adding more proofs that the person claiming to have the right to do something has indeed the right to do something.
Unless you have excellent password hygiene (long, random, different for every single site and service) the likelihood of having an account taken over goes up quite fast. The overwhelming majority of the population doesn’t, so forcing a second factor is a good way to limit damage.
If you don’tt like the multi step process, look at psskeys. They aren’t perfect, but they offer nearly all the security benefits of MFA without having to go throughthrough multiple steps.