Comment

Comment on Why don't more websites/services offer 2FA?

themeatbridge@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

It’s also a pain in the ass for the user. Creating a barrier to entry decreases the likelihood that your customers will use the service. I don’t want to go find my phone to receive a text every time I want to log in to every single website.

source

Sort:hotnew top

user224@lemmy.sdf.org ⁨4⁩ ⁨weeks⁩ ago
It’s not like it has to be required.

source
halcyoncmdr@lemmy.world ⁨4⁩ ⁨weeks⁩ ago
Pain in the ass, not really.

Text based MFA is the least secure option, and shouldn’t be used. Apps or a dedicated hardware token are the options you want, and those are pretty easy to setup.

That also doesn’t even take into account that mobile makes up more than 50% of global web traffic now. So “going to find your phone”, you are in the minority. The majority of people are already using their phone when they are logging into something.

A dedicated authenticator app like Authy is easy to set up. And now the most common password managers also allow generating those MFA app codes directly to login with them alongside your regular username and password. Apple’s Keychain, LastPass, and Bitwarden all support it, just to name a few.

And we have Passkeys being implemented as an alternative to the Password/2FA system, with native support for that via things like iOS and Bitwarden, and I’m sure others as well.

source
- pearsaltchocolatebar@discuss.online ⁨4⁩ ⁨weeks⁩ ago
  You’re ignoring the part about having to go find your phone. MFA apps still require you to do that.
  
  source
  - halcyoncmdr@lemmy.world ⁨4⁩ ⁨weeks⁩ ago
    My second paragraph literally points out that the majority of Internet traffic now is mobile, around 58%. More likely than not, any given person is already on their phone. No need to find your phone when it’s in your hand and you’re already looking at it.
    
    source
    Thavron@lemmy.ca ⁨4⁩ ⁨weeks⁩ ago
    That’s still a 40 percent possible user loss.
    
    source
    -> View More Comments