alt Hacker NewsNot force nonconsensual authentication methods onto users.
Google is one of the rare places I actually see positive value to 2FA. Compare with say banks, where it being demanded actually decreases my security. But regardless, it should not be forced.
Replies
deepsun • yesterday at 9:22 PM
But then millions of users would stay unprotected from password sealing (see https://haveibeenpwned.com/).
They certainly did a proper thing forcing people to use 2FA AFTER multiple emails over the years recommending to turn it on, and warning that they will enforce it, which they did.
As for the banks I doubt it decreases security. Even SMS 2FA actually reduces fraud by 90%+ percent.
Yes, some banks implement it silly, like SVB requiring biometric login in order to scan one-time QR 2FA code from their app (biometric login is less secure), but you don't have to use the QR code, can use regular 2FA without biometrics.
But even then having 2FA is 42 times better than not having it.