Use a Yubikey. It’s a small USB Device you can put on a keychain. It is still a second device, but it’s not your phone. And you always have your keys with you, anyway.
Comment on This is why we have two-factor authentication.
FudgyMcTubbs@lemmy.world 1 day ago
I dont care for 2fa. Not interested in having my phone connected to my computer, and i dont like having an extra step when logging into stuff – especially an extra step that needs me to use a second device. Id honestly rather risk getting hacked over ever having to use 2fa again.
greenMeanHoppinMachine@lemmy.world 1 day ago
garbage_world@lemmy.world 1 day ago
Yubikey is closed source and likely steals your data
axx@slrpnk.net 1 day ago
Please provide a source to justify the “likely steals your data” comment.
garbage_world@lemmy.world 18 hours ago
You can never know.
I see such logic hourly on lemmy
Rooster326@programming.dev 1 day ago
He says having never had to deal with actually having his identity stolen.
FudgyMcTubbs@lemmy.world 1 day ago
Correct. It solved a problem that didnt exist for me.
Honytawk@discuss.tchncs.de 1 day ago
Why do you think you need to connect your phone to your computer?
You do know you can just generate codes and neither device will know of the others existence, right?
FudgyMcTubbs@lemmy.world 1 day ago
I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.
I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.
Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.
How many lies can I believe before I begin assuming everything is just another lie from a liar?
Guess im paranoid.
But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”
hoppolito@mander.xyz 1 day ago
But then just don’t use google authentication and instead one of the FOSS alternatives? Aegis comes to mind.
Like the original reply to your situation said, you do you - but this seems a weird threat model to me, extra-step point notwithstanding.
axx@slrpnk.net 1 day ago
MFA (a better term IMO for this) has nothing to go with phones, per se.
It’s just about reducing risk by adding more proofs that the person claiming to have the right to do something has indeed the right to do something.
Unless you have excellent password hygiene (long, random, different for every single site and service) the likelihood of having an account taken over goes up quite fast. The overwhelming majority of the population doesn’t, so forcing a second factor is a good way to limit damage.
If you don’tt like the multi step process, look at psskeys. They aren’t perfect, but they offer nearly all the security benefits of MFA without having to go throughthrough multiple steps.
chloroken@lemmy.ml 1 day ago
This makes me mad but I have absolutely no justification. Like, it’s your life. But I am incensed. Godspeed.
FudgyMcTubbs@lemmy.world 1 day ago
Thank you for the grace.