this post was submitted on 17 May 2025
487 points (95.2% liked)

Technology Memes

453 readers
1 users here now

Welcome to Technology Memes. Here you can make memes and/or rant about technology, internet, computers, corporations, enshittification and etc.

Rules:

  1. Stay on-topic.
  2. Don't attack and harras anyone. Be nice.
  3. No racism and discrimination.
  4. No politics unless they're related to tech.
  5. No spam, no ads.
  6. No NSFW.
  7. Don't repost.

Please report any posts and comments that violate these rules.

Related communities:

founded 8 months ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] BassTurd@lemmy.world 37 points 2 months ago (5 children)

Every time I read comments on posts like these, it reaffirms to me how the average person does not give a shit about real security or is completely ignorant to how and why these extra safeguards are used. Lemmy, I would assume, has a higher than average tech knowledge amongst it's user base vs many other platforms, but the sentiment often that of, MFA and needing to login to a bunch of separate applications is too much work and the people that designed them don't know what they're doing. It's a bit disheartening.

[–] lightsblinken@lemmy.world 26 points 2 months ago* (last edited 2 months ago)

nah, you can care about security and also lose hours on MFA. for global enterprise, the overall user experience is far from optimal imho.

[–] RandoMcRanderton@lemmy.world 15 points 2 months ago (2 children)

GoDaddy sends a confirmation email for updating DNS. It does not ever arrive faster than 10 minutes from the time they claim they will send it, and sometimes it takes up to 15 minutes. The code expires in 20 minutes, so if you switch focus to something else in the mean time and miss the email and the code times out, you have to send another one and just sit there staring at the email inbox. I have lost hours of my life to GoDaddy MFA. Not all MFA is stupid, but their implementation is amazingly stupid.

[–] jbk@discuss.tchncs.de 12 points 2 months ago

Another bigass reason why godaddy sucks lol

[–] BassTurd@lemmy.world 5 points 2 months ago

Yes, I can't defend dog shit implementation. There are enough authenticator apps available that anyone reputable should use one instead of the less secure email or SMS.

[–] Pulptastic@midwest.social 7 points 2 months ago (3 children)

Do I really need TFA for social media? Or a forum? News sites? Fucking weather? Financial logins I get, but every single site requiring it is a cumulative time and hassle burden that is not worth it.

[–] BassTurd@lemmy.world 4 points 2 months ago

I would say anytime where someone can impersonate you or make purchases as you deserves MFA. That's my risk tolerance, but it can differ obviously. I just feel that threshold is too low for a lot of people.

[–] AtariDump@lemmy.world 2 points 2 months ago* (last edited 2 months ago)

…for social media?

Where someone can impersonal you and scam people out of money? Yes. 2FA.

…Fucking weather?

I mean, I’m not here to kink shame but, probably? I’m partially wondering now what weather looks like when it fucks. Like a tornado in a sinkhole?

…every single site requiring it is a cumulative time and hassle burden that is not worth it.

It wouldn’t be necessary IF:

  1. People chose decent passwords that were different for every login
  2. Website security was taken seriously by anyone who has a login.
[–] creation7758@lemmy.ml 1 points 2 months ago

I don't mean to sound rude but why would you need an account just to check weather

[–] LaLuzDelSol@lemmy.world 2 points 2 months ago

At work I need multifactor for everything, but... ITS ALL THE SAME MICROSOFT ACCOUNT. We have SSO, but every single stupid webpage needs me to sign in separately with 2FA and forgets about me hours later. It's needlessly tedious.

[–] Duamerthrax@lemmy.world 1 points 2 months ago (1 children)

I just use strong, unique passwords and be mindful when something is asking for my logins.

[–] BassTurd@lemmy.world 1 points 2 months ago (1 children)

That should be the bare minimum for everyone, but it doesn't protect anything if a password is compromised, especially something like email that can lead to getting other passwords.

[–] Duamerthrax@lemmy.world 1 points 2 months ago (1 children)

If your email is compromised, isn't 2FA also compromised?

[–] BassTurd@lemmy.world 2 points 2 months ago (1 children)

I suppose in some cases, yea. I was thinking about authenticator apps as MFA and forgot about email. Ideally, all MFA would be through a separate authenticator. For stronger security, something like a ubikey or other hardware security device can be used.

[–] Duamerthrax@lemmy.world 1 points 2 months ago

I don't even think I use websites that would use that. The only "app" like that is google using my phone for new logins. Every other 2fa uses my email. If it's not a google service, I'd prefer not to have to use an app because I treat my whole phone as insecure.