I get why 2FA is adopted so widely: companies need to cover they asses. Even if you don’t care if a hacker gets ahold of your password for a flash game website, that password leak could cause issues later on, and opens the website up to responsibility.
What really bothers me more, is that 2FA is relying so heavily on phone numbers, which is an extremely flawed security system. At least some of the larger companies are open to using authenticator apps, or sharing the private key for storing in a database. But so many websites do 2FA by “requiring a phone number”, which just puts a lot of security responsibility on the phone carrier now. The user doesn’t really gain any extra responsibility for having good opsec, because phone companies fuck up all the time and assign phone numbers to new sim cards all the time, often on concerningly small amounts of information
I get why 2FA is adopted so widely: companies need to cover they asses. Even if you don’t care if a hacker gets ahold of your password for a flash game website, that password leak could cause issues later on, and opens the website up to responsibility.
What really bothers me more, is that 2FA is relying so heavily on phone numbers, which is an extremely flawed security system. At least some of the larger companies are open to using authenticator apps, or sharing the private key for storing in a database. But so many websites do 2FA by “requiring a phone number”, which just puts a lot of security responsibility on the phone carrier now. The user doesn’t really gain any extra responsibility for having good opsec, because phone companies fuck up all the time and assign phone numbers to new sim cards all the time, often on concerningly small amounts of information