
This is why you always (always) have backup codes. If a site doesn't provide them (and only allows 2FA via SMS rather than also via Time-based one-time password), that's a huge red flag to me (and yes, I'm aware some very large sites fall into that bucket).


So U2F is a red flag?

Maybe 2FA should be considered a red flag at this point.


2FA by itself isn't a flag to me, only offering 2FA via SMS is. It means to me they did the bare minimum in order to say they offer 2FA.



