Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Its also a big problem for me because I want a super cheap phone plan, I dont need a good or fast service, I dont really need a phone number, but I need reliable and secure account for stuff like this. Can't wait for SMS 2FA to disappear.


The problem with ALL MFA factors including SMS is that they can disappear. One of the reasons we like SMS in my company is because in our experience the support costs of MFA are astronomical for other factors because the rate at which users seem to lose them.

In practice, a lot of the non-sms factors end up requiring reset every couple of years on average. It means our support orgs end up treating MFA resets as routine and that in itself can lead to situations where you open your customers up to social engineering attacks on support and support tooling.

There's really no easy answer here, my only hope is that eventually we move to government issued, strong, digital identities as second factors.


TOTP with proper diligence (backing up your codes) is just about the best of everything. You aren't dependent on any third parties for an MFA factor; your email and phone providers may disappear, but your TOTP code is as secure as you've made it.


We're literally talking about people losing their codes. What makes you think most people even have a system to securely archive TOTP codes long term, much less actually think to do it?

What if an iPhone user uses Apple Notes to store their TOTP keys (probably one of the most reasonable ways accessible to a non-technical user), but then 5 years down the line switches to Android, 5 more years pass and they've entirely forgotten that they even used to put TOTP codes in Apple Notes 10 years ago, and then they need their TOTP codes?

Securely archiving things which are rarely if ever needed across many decades is an incredibly hard problem, and I would trust approximately 0% of users to do it correctly.


Is Apple Notes a TOTP program? At least where I do my thing, on AndOTP, there's a plainly obvious backup and restore function that saves or reads from a file. Doesn't get much simpler than that.


Apple Notes is a note taking program, it would be a place to store backup codes. You can't store your backup codes in your OTP app, that would defeat the purpose.


Hence the file. Backup to a file, copy it somewhere else. Heck, print it out on paper if you want to.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: