Hacker News

CPLX today at 12:17 AM

> Clickable links sent in email are more secure than passwords so I'll stop supporting passwords and instead rely on email delivery of a link for all logins

God, I fucking hate that.

I have a fucking password manager, I have various machines and things open. Just let me fucking log in.

If anyone is reading this who is in charge of the internet please stop doing this.


Replies

roygbiv2 today at 12:46 AM

I seem to spend half my life logging into things, confirming 2fa, confirming biometric data. Then when I go back to the first thing it's timed out and I have to sign in again.

paradox460 today at 7:53 AM

I'll heap email and sms based otp into that

I have many ways to generate totp codes. All of them are vastly more convenient than sending me an email or sms

anon7000 today at 1:04 AM

So agreed. It’s fucking crazy. Password manager is so much easier and more secure. If you do this dumb email or SMS OTP flow, at LEAST support passkeys for my password manager!

It’s wild that they’re like “it’s more secure to not have a password” and then choose two unencrypted delivery mechanisms for the very short OTP.

Sure, people who reuse passwords are not secure. And fair, I guess it’s a tragedy of the commons. But at least continue supporting it and make it dead simple for password managers if you actually care about security.

denkmoon today at 12:30 AM

The people in charge of the internet are "cybersecurity" "professionals" who can't even follow NIST guidance.

Terr_ today at 1:48 AM

There's a landlord/apartment portal where the whole login process has changed to be:

1. Enter username (e.g. an email)

2. Choose from either email or SMS on file

3. Enter the code you got somehow through the respective unencrypted channel

Given that this same site is involved with bank-account details for payment, I am concerned...
