
Businesses. Please support good quality 2-factor standards, don't roll your own - Morthawt
I implore companies, please stop rolling your own two factor solutions and using insecure ones as your only option like SMS text messages. Are you expecting people to install 100 apps for various services to use 2-factor protection? An app for your service, for the next service...? All that development time to reinvent the wheel too.

U2F is an insanely secure, super easy to use, relatively cheap solution for customers to use and you can implement it on your sites in short order. There are standard TOTP code systems that use standard apps on phones and computer programs that people can use.

In this world of insecurity I strongly urge you to stick with known, strong security standards that are accessible to people. Yubikeys along with cheaper U2F alternatives will provide ultimate security for people.
======
pwg
You do realize that many of the "companies" to which you are directing this
will likely _never_ see it here, because they likely don't read HN.

With that said, you are also not viewing the issue holistically. There is an
'incentive' for these companies to roll their own apps. Those same apps allow
them to track, monitor, advertise to, and otherwise monetize their customers
and/or their customers' metadata. Yes, likely very shady, but also likely
allowed by those same customers because the "do you agree to our terms" page
up front did include those terms, albeit in dense, small print, legalese, and
the customer pressed "agree" or "yes".

So you will also need some argument to convince these same companies to forgo
the ready revenue stream they see forming from these apps when trying to
convince them to go with an industry standard such as U2F or TOTP.

~~~
Morthawt
I just find the situation depressing. Most sites have no 2-factor and with the
advent of U2F and TOTP, I wish more sites that are offering real services
would offer these standards. I can understand them having their own (maybe) if
their app has a larger purpose. For example the gaming system called "Steam".
I have no problem using that because a) activating 2-factor (their 2-factor)
provides instant access to trades vs waiting 2 weeks and b) the app has other
uses that are something I might use when out and about.

