
That doesn't mean I think it's a good idea.

A phone is better than nothing. A real token would be much better.



I'd argue using Authenticator is better than simply not using 2FA. Which is probably the choice for a lot of people for whom always carrying some dedicated hardware device is not really a realistic option.


Absolutely. It’s a second thing to hack. Just because it’s _possible_ to hack the second thing doesn’t mean it isn’t helpful.


In what way is carrying a dedicated device not realistic? My second factor lives on my keyring and is only a bit larger than a typical door key. Everyone carries keys.


I don't carry my keys when I'm traveling if I'm not driving my own car. So, no, not everyone carries keys.

ADDED: I do have other 2FA hardware as well. But I assume I'm not guaranteed to have it with me when I need it.


Ah, you have separate keyrings for your home keys and car keys? I'd say that's not usually the case.


No. I have a keypad on my door. So when I take a trip by air (which is common), I just leave my keys at home. But I agree that my scenario may not be super common.


It's common in any situation where you share a car with other people.


Which, in turn, is more common outside of the US.


I don't normally drive a car (I take transit to work) so I don't carry car keys. I have an electronic lock on my door at home, so I don't carry house keys. I don't carry keys of any type.

My phone case has a slot for credit cards, so all I normally carry with me is my phone, a credit card, my work badge, and my transit pass.


It doesn’t add value for most applications for service providers.

TOTP for GMail assures Google that the same person who enrolled the account was given custody of a key.

The physical token only adds value in scenarios where phones aren’t available or you need to assure the identity of the individual.


> In what way is carrying a dedicated device not realistic?

For most people, it's so far outside what they're familiar with that it feels alien and incomprehensible. It makes absolutely no sense to them. So they're not going to do it or adopt it quickly.

User education will catch up in time, but that will take quite a long time.


> For most people, it's so far outside what they're familiar with that it feels alien and incomprehensible. It makes absolutely no sense to them.

The Google Titan Key looks like a car keyfob, so I don't really agree with you on this.



