1. 11
  1.  

  2. 5

    Is there any desire to have Lobsters support 2FA?

    1. 3

      I’d use it; I’m not sure I’d advocate for spending effort on it over other features, but I’m not aware of any recent feature proposals. Halfhearted yes?

      1. 2

        I already got a u2f usb thing for github purposes so definitely – any website where I need to manually log on is a website i desire support U2F.

        1. 1

          i’d use it!

        2. 2

          What would be really nice is if this broke down OTP further into TOTP vs. SMS OTP. I’ve discovered, to my sorrow, that there are sites I want secure authentication to, but shouldn’t have trusted with my phone number…

          The one that made me upset was mint.com, which as of this writing has removed the configuration options for 2FA but left the restrictions in place. This means I can’t update my phone number or email with them. The phone number has changed and I therefore can’t use that login method; the old email still forwards to the current one for now, but I’d rather not have that as extra attack surface.

          But there are lots of other sites in the general category of “you trusting me doesn’t mean I trust you”.

          1. 2

            The site I’ve seen before posted is https://twofactorauth.org/ which details whether its SMS vs something else. In fact, this site was forked from there.