That and most accounts that use TOTP auth apps, let you bypass/disable them via email 2fa, while also letting you reset your password the same way...
Got access to your marks email? You've got both factors.
That and most accounts that use TOTP auth apps, let you bypass/disable them via email 2fa, while also letting you reset your password the same way...
Got access to your marks email? You've got both factors.
A bank I used for a mortgage has mandatory text message 2fa if they think you're on a new device (won't allow google auth/etc). And web browsers like firefox/brave block enough cookies/etc that it requires the "new device" authentication everytime I log in.
Problem is, for a couple months there was some delay with their text messages. It would take 10-20 minutes to send your 2fa code, and the code would expire after 5 min, meaning that by the time you got the code it was always expired and unusable.
Made it completely impossible to log in to pay my mortgage payments. Led to some really frustrating talks on the phone about how I didn't want to pay with a credit card over the phone, I wanted them to fix their damn system so I could log in and pay via bank transfer like usual.
Ah yeah I remember I had a service that had a delay with sending the 2fa code (can't remember if it was email or sms) but it got to the point where it was basically gambling on if I'd get into the account on that day or not lol. Glad it wasn't as important as mortgage payments though that sucks to hear.
Couldn't be more infuriating than apple's forced 2fa that requires a phone number. Effectively making iOS devices useless unless you have a phone number.
Mine somehow got linked to my work MacBook, and it won't even let me use my phone to authenticate. They really love that ecosystem lock-in.
Yeah I had a very frustrating issue with that on an old work laptop
Didn't know about the phone number requirement but I am annoyed that any time I log into my apple account it'll only ping my iOS devices as a 2fa option. Wish I could use generic/standardized 2fa code gen.
Facebook not only sends the code to text without asking, but they love to just directly start the reset password procedure.
Now, that's super weird. Are they assuming that, because last time I logged in was 6 months ago, I must have forgot my password?
I love mandatory sms
My guess is that it's the easiest and cheapest way to set up "MFA".
The number of banks that don't have proper MFA really bugs me.
My guess is that it’s the easiest and cheapest way to set up “MFA”.
TOTP is cheaper.
SMS is actually expensive at scale. An example would be Signal, the messenger app that doesn't use SMS. They have overhead for sending backup codes/new account creation/Verification/etc... https://www.wired.com/story/signal-operating-costs/ 6 million a year. API integrations for SMS messages/codes are still like 1-5 cents per message.
TOTP's requirements? A reasonably accurate clock on the server, and storing the shared secret in a database.
Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-At this time we permit content that is infuriating until an infuriating community is made available.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.