this post was submitted on 03 Jun 2024
57 points (96.7% liked)

No Stupid Questions

35808 readers
2000 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

I've been going through updating all of my accounts (passwords, 2FA, etc.), and I've noticed that there are a lot of sites that don't offer any form of MFA.

I can understand smaller services that might not have the bandwidth, but surely larger organisations are able to get this setup?

you are viewing a single comment's thread
view the rest of the comments
[–] themeatbridge@lemmy.world 13 points 5 months ago (2 children)

It's also a pain in the ass for the user. Creating a barrier to entry decreases the likelihood that your customers will use the service. I don't want to go find my phone to receive a text every time I want to log in to every single website.

[–] user224@lemmy.sdf.org 7 points 5 months ago

It's not like it has to be required.

[–] halcyoncmdr@lemmy.world 6 points 5 months ago (1 children)

Pain in the ass, not really.

Text based MFA is the least secure option, and shouldn't be used. Apps or a dedicated hardware token are the options you want, and those are pretty easy to setup.

That also doesn't even take into account that mobile makes up more than 50% of global web traffic now. So "going to find your phone", you are in the minority. The majority of people are already using their phone when they are logging into something.

A dedicated authenticator app like Authy is easy to set up. And now the most common password managers also allow generating those MFA app codes directly to login with them alongside your regular username and password. Apple's Keychain, LastPass, and Bitwarden all support it, just to name a few.

And we have Passkeys being implemented as an alternative to the Password/2FA system, with native support for that via things like iOS and Bitwarden, and I'm sure others as well.

[–] pearsaltchocolatebar@discuss.online 4 points 5 months ago (1 children)

You're ignoring the part about having to go find your phone. MFA apps still require you to do that.

[–] halcyoncmdr@lemmy.world 3 points 5 months ago (1 children)

My second paragraph literally points out that the majority of Internet traffic now is mobile, around 58%. More likely than not, any given person is already on their phone. No need to find your phone when it's in your hand and you're already looking at it.

[–] Thavron@lemmy.ca 2 points 5 months ago (1 children)

That's still a 40 percent possible user loss.

[–] halcyoncmdr@lemmy.world 2 points 5 months ago (1 children)

Possibly, but the real world is likely nowhere near that. I'd be willing to bet most people in general don't leave their phone lying around their house randomly while they're home and actively doing things where they might need to login to accounts. More likely their phone is in a pocket, or on the desk in arms reach, not the other side of the house while they're on the computer.

And of course all of this assumes a phone only app or a text message while ignoring the systems that let you access your messages from other devices. Like the iOS/Mac support through an Apple ID, Android Messages supports via the web, and Phone Link on Windows will let you do as well over WiFi at home. All of those will let you access your phone messages without needing the phone directly in front of you.

[–] Thavron@lemmy.ca 2 points 5 months ago (1 children)

I think you're vastly overestimating the digital literacy of the population as a whole.

[–] halcyoncmdr@lemmy.world 2 points 5 months ago

Oh I realize how illiterate most people are with tech. But fully integrated systems like Apple's Keychain and integration with Mac products make that a much smaller issue than it would otherwise be on the surface for many of those users. At least, until they don't remember their Apple ID.