Why phone 2fa is useless and just wastes your time

The place to chill and talk about anything not related to technology.
User avatar
K4sum1
Lazy Owner
Posts: 914
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
Has thanked: 576 times
Been thanked: 267 times
Contact:
United States of America

Why phone 2fa is useless and just wastes your time

Unread post by K4sum1 »

Many services and people will suggest to use phone 2fa to "improve security", however most of the time it does nothing except waste your time. Even if a hacker gets your password, most services worth hacking already have a form of email 2fa where they email you a code if a new computer or IP logs into your account. Discord, Steam, Google, etc all have this yet want you to use 2fa with your phone. Your phone is no more secure than email, and can be less secure in some cases. 2fa also does nothing if your authentication cookie or token gets stolen, which is what most account stealers target. There is no practical way to defend against such an attack, no amount of x factor authentication will help. I'm tired of this "2fa is more secure" bullshit that is being pushed upon us.
I don't know what I'm doing hit album by Brad Sucks

tyl0413
Posts: 13
Joined: 13 Jan 2021, 01:08
Has thanked: 2 times
Been thanked: 7 times

Why phone 2fa is useless and just wastes your time

Unread post by tyl0413 »

TOTP is good, just no good PC clients (Bitwarden and Proton Pass supports it if you pay) and I hate having to check the phone I soon won't even have.
Proprietary bullshit like Steam/Battle.net's can fuck off and SMSing a code even more so since it's completely insecure, harvests the phone number and yeah. Some even lock TOTP behind a phone like the complete retards they are like Battle,net and Twitch.

User avatar
K4sum1
Lazy Owner
Posts: 914
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
Has thanked: 576 times
Been thanked: 267 times
Contact:
United States of America

Why phone 2fa is useless and just wastes your time

Unread post by K4sum1 »

I found this, which seems like it would make Steam a lot easier to deal with.

https://github.com/Jessecar96/SteamDesktopAuthenticator

I would need to see how it stores it's data, how portable it is. I'll give it a try when I next need to use the Steam forums as they block that without 2FA.
I don't know what I'm doing hit album by Brad Sucks

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests