Hacker News new | past | comments | ask | show | jobs | submit login

Printed/saved backup codes are still an option. Can also attach multiple 2FA tokens to one account. That's what Google and many others provide. Their customers seem satisfied.



> Printed/saved backup codes are still an option

Vast majority of users don't bother with such complexities.

SMS is the easiest minimum entry barrier to 2FA. It is better than having just passwords.


> It is better than having just passwords.

That is false. Many incidents have been widely reported where huge names, who certainly could afford even a $50 hardware token to protect their reputation/brand, were 'hacked' because they thought SMS 2FA protected them - and it didn't. Even with services which do also offer TOTP or U2F etc.


It is better. It’s just not perfect.


>Can also attach multiple 2FA tokens to one account

This is new to me. Most websites that I have seen offer only one 2FA token, but it could be scanned on any number of TOTP apps.


I disabled some 2fa cause I once replaced my phone without following some script to copy across the 2fa app

Luckily I was still signed in on a computer




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: