• FudgyMcTubbs@lemmy.world
    link
    fedilink
    arrow-up
    8
    arrow-down
    6
    ·
    1 day ago

    I dont care for 2fa. Not interested in having my phone connected to my computer, and i dont like having an extra step when logging into stuff – especially an extra step that needs me to use a second device. Id honestly rather risk getting hacked over ever having to use 2fa again.

    • chloroken@lemmy.ml
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 day ago

      This makes me mad but I have absolutely no justification. Like, it’s your life. But I am incensed. Godspeed.

    • greenMeanHoppinMachine@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 day ago

      Use a Yubikey. It’s a small USB Device you can put on a keychain. It is still a second device, but it’s not your phone. And you always have your keys with you, anyway.

    • Honytawk@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 day ago

      Why do you think you need to connect your phone to your computer?

      You do know you can just generate codes and neither device will know of the others existence, right?

      • FudgyMcTubbs@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 day ago

        I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.

        I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.

        Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.

        How many lies can I believe before I begin assuming everything is just another lie from a liar?

        Guess im paranoid.

        But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”

        • hoppolito@mander.xyz
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 day ago

          But then just don’t use google authentication and instead one of the FOSS alternatives? Aegis comes to mind.

          Like the original reply to your situation said, you do you - but this seems a weird threat model to me, extra-step point notwithstanding.

    • axx@slrpnk.net
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      22 hours ago

      MFA (a better term IMO for this) has nothing to go with phones, per se.

      It’s just about reducing risk by adding more proofs that the person claiming to have the right to do something has indeed the right to do something.

      Unless you have excellent password hygiene (long, random, different for every single site and service) the likelihood of having an account taken over goes up quite fast. The overwhelming majority of the population doesn’t, so forcing a second factor is a good way to limit damage.

      If you don’tt like the multi step process, look at psskeys. They aren’t perfect, but they offer nearly all the security benefits of MFA without having to go throughthrough multiple steps.