Why phone 2fa is useless and just wastes your time
Posted: 12 Jun 2023, 12:47
Many services and people will suggest to use phone 2fa to "improve security", however most of the time it does nothing except waste your time. Even if a hacker gets your password, most services worth hacking already have a form of email 2fa where they email you a code if a new computer or IP logs into your account. Discord, Steam, Google, etc all have this yet want you to use 2fa with your phone. Your phone is no more secure than email, and can be less secure in some cases. 2fa also does nothing if your authentication cookie or token gets stolen, which is what most account stealers target. There is no practical way to defend against such an attack, no amount of x factor authentication will help. I'm tired of this "2fa is more secure" bullshit that is being pushed upon us.