Hacker News

For regular users TOTP isn't simple:

* you have to install an app, but you can't tell which app you're meant to use

* you have to configure the app with whatever your sign-in service is

* If you ever delete the app (something that is generally not harmful) you lose the ability to sign in, and reinstalling frequently does not bring back your old authorizations.

But yeah, SMS 2fa is garbage from a security standpoint (and will remain so until carriers can be held liable for costs from transferring your number without your authorization), but it is usable and is leaps and bounds better than nothing at all, which is what users will do if you make 2fa hard to set up.
