So, in my head, once I heard the idea, I started thinking of something WAY different, and maybe it's worth considering. I was thinking something like a combination "security question," "captcha" and "secondary identifier" (whatever the thing that Google et al. do when they tell you to match the picture on your phone to complete the login).
I don't know, something like "name the fruits that correspond to your first school colors" or similar.
Maybe some type of long physical probe you have to sit on and it generates a hash from the exact shape of your "cavity".
Seriously, am I the only one who was happier without any of this "2FA" crap? VPS/Domain/Google with a hardware token is the one narrow scope where I see any value, and even those I could do without. Every other site is just a non-consensual nagging that hassles me when logging in. Bank accounts are the worst, as every bit of friction for checking my balance/transactions actually decreases my security!