• tal
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 months ago

    I don’t think that the problem is 2FA itself so much as poor UX on existing systems.

    Let’s say that I have a little USB keychain dongle in my pocket with an “approve” button and a tiny screen. When I sign in, at the time that I plug my password in, I plug the dongle in. It shows the information for whom I am approving authentication. I push the “approve” button.

    It’s got a trusted display (unlike a smartcard, so that a point-of-sale system can’t claim that I’m approving something other than what I am).

    It can store multiple keys, and I basically use it for any credentials that I don’t mind carrying with myself.

    I then keep another, “higher security” dongle at home with more-sensitive keys.

    Does that add some overhead relative to just entering my password? Yeah. But is it a big deal? No. And it makes it a lot harder for someone to swipe credentials.

    I agree that using phone-linked SMS 2FA authentication is problematic (for a number of reasons, not just because it locks you to a phone, but because there are also privacy implications there).