Hacker News new | past | comments | ask | show | jobs | submit login

I don’t use nor recommend Google Authenticator. If you want a secure 2FA/MFA, use a hardware token or a passkey. TOTPs without a backup or sync is pain waiting to happen.

Of course, syncing TOTPs comes with its own threat model. Something to keep in mind.




Sometimes you don’t have a choice. Sometimes even if have that set up, the service will still send an SMS.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: