kill_dash_nineSep 27, 2023

Why Do Companies Not Use Existing 2FA Standards?

https://lemm.ee/post/9526374

Why Do Companies Not Use Existing 2FA Standards? - lemm.ee

This is something I am seeing more and more of. As companies start to either offer or require 2FA for accounts, they don’t follow the common standards or even offer any sort of options. One thing that drives me nuts is when they don’t offer TOTP as an option. It seems like many companies either use text messages to send a code or use some built in method of authorizing a sign in from a mobile device app. What are your thoughts on why they want to take the time to maintain this extra feature in an app when you could have just implemented a TOTP method that probably can be imported as an existing library with much less effort? Are they assuming that people are too dumb to understand TOTP? Are they wanting phone numbers from people? Is it to force people to install their apps?

Show threadmaporitaSep 27, 2023
I can’t answer your question but it’s particularly annoying for me because I travel a lot for work. Sending me an SMS message when I’m in the middle of Africa isn’t going to work. (In fact I found a way to make it work by enabling wifi calling with my US cell provider… but I shouldn’t have to jump through hoops to verify my identity)
Show threadTCB13Sep 27, 2023
That’s why you use an Authenticator app that gives you TOTP offline.
Show threadkill_dash_nine
If a service I use does not offer TOTP but implements their own 2FA through another method, I have no choice to use it though.
Sep 27, 2023 at 11:09amWeb