3 points by roschdal 7 hours ago | 4 comments
  • PaulHoule 7 hours ago
    Never. 2FA is a suicide pact for any online service if it doesn't have high touch customer service like a bank. A certain fraction of users will be locked out without recourse each month and the user base will decay like a radioisotope. Every time a service requires 2FA I rethink if I want to stay with it.
    • rekabis 6 hours ago
      > Every time a service requires 2FA I rethink if I want to stay with it.

      I’m sure you feel the same about locks on your car and on your home. I mean, those silly keys, eh? They get so much in the way of going in and out and just using those things. Better if we dispensed with keys entirely, and just left everything unlocked and instantly available.

      • PaulHoule 6 hours ago
        Look, if I get locked out with real keys and locks I can call the locksmith and get the situation resolved.

        If I get locked out of Google or Amazon or Facebook I can talk to the hand at best with no recourse at all. A lot of 2FA hardware is garbage, like the Yubikey I had that had the hole attaching it to my keychain worn out in less than two years -- it could have fallen away and been lost.

        • rekabis 3 hours ago
          If you do 2FA without recovery keys or a recovery eMail, you’re doing it wrong.

          Everything I have heard from you so far is draped with ignorance and misinformation.

  • rationalist an hour ago
    I prefer to just keep my password secure.
  • Bender 7 hours ago
    To manage it, probably that or IP restrictions. I assume team dang has IP/CIDR restrictions set on their authorized_keys in sshd.

    For the rest of us, probably just simple / basic password complexity and some attempt at detecting brute force if that is not already a thing. My personal preference for any site would be to also have an option for cidr/IP approve-list.

  • catfish-1234 6 hours ago
    Don't exactly see the appeal of what someone with my login credentials would do on HN.
    • rekabis 6 hours ago
      Doxxing. Posing as you, to get you fired or otherwise affect your reputation, especially if there is already a traceable connection to your meatworld persona. As a first step in a fraud scheme. To leverage social credibility to affect others.

      The options are varied, and are really only nerfed by obscurity of both the platform and your handle in terms of its doxxability.