Hacker News

stackskipton yesterday at 6:48 PM

Something somewhere is always hostile to a particular group. That's just a fact of life. You do your best to minimize it but can never eliminate it.

As someone who has dealt with 2FA support, all the methods suck.

SMS 2FA is the least secure but has the broadest support with the quickest recovery method.

TOTP Applications (Google Auth, Authy, iOS Passwords) are more secure but people switch phones, lose phones and so forth and recovery is always a nightmare.

Yubikey and the like have a cost problem and you still have a recovery problem.

A clear solution in my mind is having the Federal Government run some form of centralized hardware-based system where hardware could be replaced by a government office after verifying identity. Government does this already for DoD CAC cards. However, in the United States, Privacy Advocates would lose their minds, and funding would constantly be under attack.

So yea, I get SMS 2FA is hostile to mountain people but 2FA is hostile to login services and executive yachts.


Replies

nine_k yesterday at 7:13 PM

> Privacy Advocates would lose their minds

Privacy of authentication may be a valid concern (e.g. during voting), but I don't see how it applies here. If what I want is to confirm to the bank that I am who I am, with all the details about me that I have told the bank already anyway, I very clearly and openly forfeit my privacy. I explicitly ask to be precisely identified.

protocolture today at 1:51 AM

> Government run some form of centralized

Nah I am good thanks.

Hackbraten yesterday at 8:47 PM

> Yubikey and the like have a cost problem and you still have a recovery problem.

Recovery is relatively straightforward if you have more than one key. You enroll all your keys, and if you lose one, you buy a new key and use one of the other keys to enroll it.
