Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Honestly, I think if you’re using 2FA, you should also have 2 different ways to provide a 2nd factor (like TOTP or notification to your phone).


Google supports this. I have hardware key, phone notification, TOTP, 2FA recovery codes and email notification to non-Gmail address all setup.

Losing access to my second factor has always been my biggest concern with 2FA.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: