Unpopular Opinion
Welcome to the Unpopular Opinion community!
How voting works:
Vote the opposite of the norm.
If you agree that the opinion is unpopular give it an arrow up. If it's something that's widely accepted, give it an arrow down.
Guidelines:
Tag your post, if possible (not required)
- If your post is a "General" unpopular opinion, start the subject with [GENERAL].
- If it is a Lemmy-specific unpopular opinion, start it with [LEMMY].
Rules:
1. NO POLITICS
Politics is everywhere. Let's make this about [general] and [lemmy] - specific topics, and keep politics out of it.
2. Be civil.
Disagreements happen, but that doesn’t provide the right to personally attack others. No racism/sexism/bigotry. Please also refrain from gatekeeping others' opinions.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Shitposts and memes are allowed but...
Only until they prove to be a problem. They can and will be removed at moderator discretion.
5. No trolling.
This shouldn't need an explanation. If your post or comment is made just to get a rise with no real value, it will be removed. You do this too often, you will get a vacation to touch grass, away from this community for 1 or more days. Repeat offenses will result in a perma-ban.
6. Defend your opinion
This is a bit of a mix of rules 4 and 5 to help foster higher quality posts. You are expected to defend your unpopular opinion in the post body. We don't expect a whole manifesto (please, no manifestos), but you should at least provide some details as to why you hold the position you do.
Instance-wide rules always apply. https://legal.lemmy.world/tos/
view the rest of the comments
What's the difference between an unpopular opinion and a wrong opinion?
Without MFA, hundreds of thousands more accounts if not millions would be completely compromised. That is just a fact because most people choose horrible and/or completely the same password for everything. Bank account details, credit card info, social security or government ID numbers, etc...
It doesn't have to be as bad as email or SMS. TOTP has been a standard for a very long time and there are a dozen apps for it. Simply enter the app, copy the code, done. SMS and email are less secure anyways.
American companies seem particularly allergic to TOTP for some reason...
I look at it more like, if you are going to require MFA, why require passwords as part of login?
Because that's an authentication factor?
Yes, but there are a lot of people arguing here about how bad passwords are because they get leaked and you need so many of them that it is a struggle for people to remember them. So, if passwords are so bad, why should they be maintained as a method of authentication?
They're not really that bad, lots of people are just bad at using them. A lot of breaches happen because someone gets lazy and uses a default or something stupidly simple like what you'd use on your luggage.
Yeah, but people have several dozen accounts, passwords have to change on some of them, and it used to be very discouraged to write passwords down so people needed to remember them.
A system has created where there are massive failures in its use because it was poorly implemented.
Then you need to know 2 different codes.
They would need to hack the server password database or your password app AND have physical access to your device.
It is the same concept as using biometric + TOTP or password.
Something you have, something you know, something you are: those are the 3 general "factors"