Hacker News new | past | comments | ask | show | jobs | submit login

The last time I tried to do this, about a year, it required a phone number to enable 2FA in the first place, and then it was possible to use OTP (with e.g. Google Authenticator). But once I got sucked into doing that, I couldn't delete the phone number to do only OTP without it also disabling 2FA.

It still gives the same warning if you remove the phone number while TOTP is enabled. But I was able to remove and then set up TOTP based 2FA without a phone number.

I should add that removing the phone number didn't actually delete the number from my profile (who could have known?). You have to go into the Mobile tab and remove the phone number again.

All this despite me reluctantly adding my phone number just for 2FA. Dark patterns throughout the website.

Ugh, that sucks? I recently setup OTP-only 2FA, so apparently they fixed it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact