As I awoke this morning from uneasy dreams I found that Google had replaced my authenticator app with an anus drawn by Kurt Vonnegut
…wait I'm sorry, fucking *what*? "back up your authenticator codes to the cloud"?! Isn't it *literally* no longer 2FA then? Like at that point the test the authenticator performs isn't "do you have the physical device" it's "do you have access to the Google account". Why not use a Google password manager and skip the authenticator?!
@mcc but it's terrible UX in times when phones randomly die or get lost.
@leah @mcc They're finally discovering that 2FA is bad UX and inaccessible to folks for whom stable possession of objects isn't a given.
@dalias @leah If 2FA is unfair to people who cannot keep stable possession of one of the two factors, the solution is to not use or not in-all-cases require 2FA! The solution is not to say "okay, so we will remove one of the factors" (or, I guess, "okay, so we will make one of the factors be 'your site password' and the other factor be 'your Google password'"; I would describe that also as a bad solution)
@mcc @leah Oh, absolutely. It's all a shitshow with different actors in the show trying to work around the stupid shit other ones did while doing more stupid shit themselves. 🤷 🤡
My current workaround? Self-hosting an instance of Vaultwarden, so I can just log into another website that is under my direct control and get the 2FA from there
Of course, the major problem here being “having enough ownership of things to be able to leave a computer on at home and accessible online”.
@dalias @leah @mcc can’t wait to see how much worse it’ll get with passkeys
@chucker @dalias @mcc imo better, those support multiple 'tokens' out of the box?