Not getting hacked
Virtually everyone has implemented it because hard locking users to a physical device prevents distributed attacks on servers, usually related to phishing.Users had only one job, chose a password with sufficient entropy, don't reuse passwords. Users couldn't manage that. We enforce it at work and almost half our users lose their creds every year. Almost half. They refuse to accept the fundimental agreement, that they are responsible, for their account. At that point what can we even do? If users don't even theoretically accept responsibility for creds they can just fuck off.
>>109082973So password managers can charge you for the convenience of autofilling your 2fa code for a problem they introduced.
>>109082978Yeah that
>>109082973Legal backdoor. When ever they need to get into your email/anything account, they sim swap your SIM to the fed phone, sms verify, then sim swap you back before you notice.
>>109082973if someone knows your password, they still can't login
The better way is to use passkeys.
>>109082973Easier goycattle surveillance
>>109083079That's what a password is for. Or at least used to be.
>>109083011>lose their creds every year.otp isn't something you have though, its something you know. just obfuscated.it has ZERO impact on phishing attacks as anyone with a brain can conclude.i store my hmac key in exactly the same place as my password.fuck ops cunts lol.> that they are responsible, for their account.then don't enforce mfa. or you are lying? lol. retard.
