/g/ - Technology


Thread archived.
You cannot reply anymore.




Whoever invented 2-factor identification should be hung, drawn, and quartered. Fuck security and fuck you, I should be able to log into all my accounts with a single password and nothing else.
>>
>>107228982
Blame all the hackers, scammers, fraudsters, and /b/uffoons that motivated the implementation of 2-factor authentication.
Their fault. What I myself hate is having to rely on email for the authentication code. Email server may randomly be a bitch and not put the code email through until after the code has expired. Using my phone is never an issue, at least.

At work, trying to check my paycheck stubs will require I go through the authentication process 5 times while getting to that part of the organization's system. Now THAT's annoying as heck.
>>
Passkeys are better in every way
>>
>>107228982
sites should have a hidden option activated by prefixing your name or email with a '#' whereby 2fa and other handholding becomes optional
plus don't tell normies about it
>>
I have absolutely nothing 2FA except my bank because in America it must be a law or some shit.

I hate the idea of "lose phone number = lose everything".

I have never in my entire life had an account hacked.

>>107229015
There's a really simple solution, make 2FA opt-out but you have to type something like

"I Am Very Intelligent and a Computer Security Expert and Will Never Get Hacked if my account gets Hacked It's My Fault Now Please Disable Two-Factor Authentication"
>>
Authenticators are a really shit 2fa but a second email or phone number is a pretty solid 2fa
>>
>>107229291
>authenticators are shit 2FA!!
>phone is better!!
>get sim swapped
Yeah SMS is a totally solid 2FA. Fucking moron
>>
>>107228982
>"waaah 2FA BAD"
>reuses same qwerty1234 password everywhere
>gets hacked next minute
>"FUCKING GOOGLE PAJEETS REEEEE"
>>
my SIM card stopped working, and now I cannot log into my bank account
>>
>>107228982
Nobody really cares if you get hacked. They only care that MFA is a requirement for cybersecurity insurance. They expect to get hacked but need insurance for a payoff.
>>
they're gonna come up with something worse in the next 10 years. a dildo up your ass synced online or something. it just keeps getting worse
>>
>>107228982
I was thinking the same until I got hacked with a keylogger which almost ruined me. Now I'm thankful TOTP is a thing
>>
>>107229075
I have a key, I want someone else to open my door and feed my fish while I'm away. Hand him the key. The lock doesn't need to give a flying fuck about who has the key. Is it my key? Locks open. That's its fucking job. Can I do that with your passkey or is it just a misnomer to revoke my freedom while pretending to be helping me out?
>>
>>107228982
password should have never existed in the first place.
you should have a key wallet and authenticate by signing a message
>>
>>107228982
fact
>>
>>107231017
Maybe you should read the docs instead of asking for this on 4chan. It's not that complicated and if you actually care about your freedumbs you would spend like 15 minutes to understand it.
>>
>>107229703
>I am a retarded nigger who didn't back up my 2FA secret and that's not my fault o algo.
>>
>>107231017
that's literally how passkeys work. you hand the passkey to your friend and he can get in any time.
>>
>>107234641
>>107235485
I did read. It's not like that. No corpo wants anything like that. They want to tie one account = one user for tracking purposes. Letting someone else use your key is against every single TOS because it taints the shadow profile they're building on you. I was obviously ranting about it with a rhetorical question. They don't want to help us out. They don't do shit out of the goodness of their heart.
>>
>>107228982
Just add the TFA to keepass and copy and paste your totp like your password.

>>107229075
Passkeys are the ultimate goyslop. "your" password is now bound to a (((secure))) chip and you need to prove it's you with a fingerprint every time you want a service like a good goy
>>
>>107228982
the problem is people create shit passwords and companies would rather just force everyone to use 2fa than deal with the fallout
>>
>>107235637
The irony is that everyone uses weakest 2FA, which is like 32 byte secret, SHA1, and 6 digit codes.
>>
>>107228982

This. Enforcing 2FA everywhere just means that if my phone breaks or is stolen I lose access to literally everything. I can't even access my bank account to buy a new phone. It's setting up a dependency that's far more dangerous than the actual threat it's meant to counter.
>>
>>107235626
>"your" password is now bound to a (((secure))) chip and you need to prove it's you with a fingerprint
https://thetis.io/products/fido2-key-usb-a-c-nfc
housing is aluminum, works with phone via NFC or USB-C
The point of 2FA is it depends on something you own, it doesn't need to be your fingerprint
>>
>>107231017
>Is it my key? Locks open.
Opening your front door is not an entry point to stealing your identity or getting into your bank account. Analogies are for midwits.
>>
>>107230993
>until I got hacked with a keylogger
yeah it's weird how things happen when you open every attachment and pirate software
>>
>>107235544
>No corpo wants anything like that. They want to tie one account = one user for tracking purposes
Weird because I work for a university that actually uses SSO and 2FA and their motivation is to make passwords irrelevant and never in need of changing as long as they're long with alphanumerics and nonalpha characters. We have mandatory annual training and even receive IT-generated phishing emails we're supposed to recognize and report. The boogeyman is under your bed for sure, faggot.
>>
>>107236849
>just means that if my phone breaks or is stolen I lose access to literally everything
We have a keychain fob that generates 6 digit numbers, it only requires the password you weren't supposed to share
2 factor: thing you know, thing you possess
>>
>>107229291
>but a second email or phone number is a pretty solid 2fa
said no one in IS ever
>>
>>107229111
>nothing 2FA except my bank because in America it must be a law or some shit
No, my credit union doesn't do that and they're bound by the same laws
But if they did, it would just be one more entry in Duo or whatever other authenticator app I use
>>
>>107237222
Checked, but the analogy is broken on your side. The system asks for user/pass to allow me in. Therefore, from my end, if I want someone to access my account, I give him my user/pass. But muh you're sharing a paid account on kikeflix with your free loader friends. Yeah, well, if they don't like they should sue me, not take justice into their own hands and block my access. If I feel wronged can I take justice into my own hands and kill them? No, because of this power imbalance. And every shit like 2FA and passkey just furthers the imbalance to their favour, not mine.

>>107237267
Yet, if for whatever reason I want my friend to log in my page and look up my grades and tell me, because, idk, I've gone temporarily blind or whatever, lending him my credentials goes against the TOS. I'm expected to instead call support and convince the doorman that I'm myself and he should help me out instead of just relying on a friend I actually trust. I should trust the faceless corpo and not my friends and family. Literal destruction of society. But you guys are too narrow minded to see the broader implications of corporate control.
>>
>>107237347
>Therefore, from my end, if I want someone to access my account, I give him my user/pass
Which you know is against the service's TOS
>But now I have to call support
Your house is your property, an account lives in someone else's property and so you agree not to come up with excuses why you aren't bound by their definition of security.
>But that's unreasonable, man
When you have a job some day you will understand. No one is obligated to sit you down and explain in detail why they had to come up with these restrictions. Using a service is not living in a house you own and you can stay mad and keep making baseless predictions, or live with having to do one more thing than your parents did. I work in this field, you don't.
>>
>>107237347
>I should trust the faceless corpo and not my friends and family. Literal destruction of society.
Society is an agreement to follow a common set of rules you fucking moron. Consensus isn't the bedrock of that definition where contrarians can pick and choose which ones they agree with. You drive fast backwards in the wrong lane, you get pulled over even if no one else was on the road.
>BUT MUH FRENNNZ
Pharmacist I know let a coworker use his work computer, coworker deliberately misused it to unlock drugs and pharmacist was fired on the spot per company policy. No IT department is going to tell people how to know who to trust because that's retarded. Fuck your friends, fuck your imaginary scenario, fuck your crippling zoomer phobia of talking to support staff and most of all fuck you for being a whining faggot.
>>
>>107228982
And then you fucking retards wonder why you're all unemployed, with retarded backwards opinions like that.
>>
It's because MFA has been entirely misused and poorly implemented by design. MFA was supposed to be more like a yubi key or piv card. Something you plug into your device. NOT insecure protocols (sms, email) or authenticator spyware apps.
>>
>>107237556
This is the board that genuinely believes anime maido fuckbots will be a thing but they won't require you to listen to ads for 5 minutes before giving you a handjob because they are only capable of visualizing what they want, never how things work.
>>
>>107237557
>MFA was supposed to be more like a yubi key or piv card
Funny how 2FA devices aren't cracked but regular yubikeys keep needing their firmware updated. We're going to continue to require 2FA especially as quantum computing becomes affordable enough to hacking groups.
>>
>>107237432
The TOS is meant to fuck you over and harvest your data to sell to your corrupt government to persecute you for wrongthink. If you want to take that deal, get fucked, fag. I won't, I will cheat and steal whatever I want from the guys offering me that bad deal.

>>107237544
Yeah, he trusted the wrong guy and got fucked for it. Correct. Corpos want to stop me from being able to fuck myself over because they don't want to deal with it. Fuck you, I AM tech support. I know how retarded users are: all their passwords are on post its besides their screens. And the high and mighty guy with a powerful password who can fuck shit over doesn't want to deal with tech support, so he gives his password to an underling and when shit gets fucked, you have to listen to the underling lie "no, no, I'm here helping mr. big shot. Support asked you to put your password, there. Okay, he entered his password, there's totally someone else in the room with me, now what?"

Enjoy being bootlicking faggots when shit comes for you. I will laugh at your disgrace.
>>
>>107237654
>corpos corpos corpos corpos blarrggghhh
I literally work within an organization using most of this tech and we have zero interest in harvesting a fucking thing. Applications that let people pay online pass credit card numbers through a separate system we don't have access to. Applications that determine if an authenticated user belongs to a specific class for eligibility for a service go through an API to a central storehouse that prevents us, the developers, from accessing personal details because of something called FERPA you have to be certified for just to request this restricted level of access.
>Fuck you, I AM tech support.
You're a tier 1 flipboard reader capable of telling people how to download and run a screen sharing application, most of you aren't past 22 years old and don't know shit beyond coding some Javascript/Python. If you were any higher on the food chain you wouldn't be telephone tech support looking at desktops covered in document icons and folders named NOT PORN.
>>
Fucking contrarian bootlicking faggots. I'm ranting but I'm exposing an actual fucking problem: the difference in expectation.

Corpo wants one user = one account. There are a few security benefits, but mostly they want to harvest individual data to sell and the contamination from shared accounts hurts that. Otherwise bugmenot would have zero issues since they only share free logins.

Users, on the other hand, just want to get some shit done. They see a login screen that stops them from doing the shit they want, they need to bypass it, and the way forward is to provide valid credentials. They instantly correlate it to the nearest real world analogy: a fucking locked door. You give it the key and it lets you thru. Even the fucking icon is a padlock and key because that's what they wanted you to think. Nowadays they're shifting away and focusing on the user icon instead, but that's a new metaphor.

Point is: users want one thing. Corpos want another. You bootlicking faggots are just bootlicking to be contrarian to me because you hate me and want to shit on me. I get that, I hate your guts too. But simply pretending "oh, one side is right and the other should just get fucked" doesn't solve the conflict, because, as I've demonstrated in this very fucking thread, that's also the worldview of users: we are right and fuck the corpos' point of view. So standing ground isn't solving the problem, which again, is the disconnect between expectations of users and corpos. And I have more than enough reasons not to trust corpos, so I will fight on the internet calling you faggots with all my might if that stops corpos from getting more power to fuck me over. If you guys want corpos to have more power to fuck you over, have fucking fun and die.

>>107237787
Not reading, don't care. Just wasted my last effort typing this shit. I'm out. You guys can get fucked for all I care.
>>
>>107228982
>I should be able to log into all my accounts with a single password and nothing else.
Bad actor hackers agree with you.
>>
>>107237654
>And the high and mighty guy with a powerful password who can fuck shit over doesn't want to deal with tech support, so he gives his password to an underling
Yeah funny thing, the application I wrote that allows instructors to associate a course with a spending account requires our central authentication system which in turn requires 2FA. When an instructor asked if his TA could do this for him I said "No, and IT has already explained why to you, if there's a way I can improve the interface for you I'm all ears"
>>
>>107228982
>>107229015
The funny thing is that 2FA isn't even that useful since everyone stores both cookie logins and 2FA apps on the same device. If you can take control of said device, then you can use all of the user's logons.
>>
>>107237790
Anon just say you lost your phone and can't access your twitter account or whatever you got locked out of.
>>
Yeah I hate 2fa too....
>>
>>107237790
>corpos bootlicking corpos bootlicking
This isn't your undergraduate poli sci class.
Every one of these things we do came out of an actual exploit we ourselves suffered because passwords are the weakest link in any security chain, not because we poorly configured the existing security.
>login screen that stops them from doing the shit they want
Does it? I order pizza all the fucking time without making an account. What shit do they want to do without an account?
>users want one thing.
To use the service. In most cases, in a way tied to their username to access personal info. You want to shitpost here? Go right ahead. You want to check on your health insurance? Yeah you're going to log in but I don't see anyone but you bitching about that.
>because you hate me and want to shit on me
I don't even know you, but I've been in fullstack since 1999 and if you have to add two numbers on one form to prove you're not a robot you don't shit your pants pretending to be a libertarian about it.
>>
>>107237938
>since everyone stores both cookie logins and 2FA apps on the same device
I store no 2FA apps on my desktop because Duo doesn't do that. So someone installs a remote kit on my computer and gets in while I'm away, when they hit a page autofilling my 2FA then it requires either my phone or my security key, what are they going to do? Be real fucking specific.
>>
>>107238133
*autofilling my credentials then requiring 2FA
>>
>>107237578
>they won't require you to listen to ads for 5 minutes before giving you a handjob
Per the usual product rollout, this will be true for a while when they are first introduced to entice customers, but once their customer base is built up is when the enshittification begins.
>>
>>107228982
Same for whoever invented magic email links for login to fucking spam my inbox and rack up your server SMTP relay costs.
>>
>>107228982
Forcing people to use smartphone apps to get the 6-digit code to login is one of the dumbest ideas ever. You now have a single point of failure. Lose your phone, lose access.
>>
>>107228982
you don't hang, draw and quarter someone.
that would be a waste of time.
you need to draw them(break all of their bones), quarter them(remove their limbs), then hang them before they die of blood loss.

jesus you people
>>
>>107228982
Just use a generic authenticator desktop application with generated tokens
>>
>>107228982
kys retard
>>
>>107228982
2fa is just a legal backdoor. They just SIM swap your phone and reset your pw, then change it back.
>>
>>107229291
Opposite of what you said is true
>>
>>107229291
>le good solution is le bad
>le bad solution is le good
okay, NSA plant.


