For decades, we have been told that the future is digital and that resistance is futile. But what if the future we truly want is one where the analogue coexists alongside the digital, where digital technology is an option and not a mandate?
Case in point: I was required to add a phone number to an account before they would let me use an Authenticator App. If you’re securing your account, the standard should be that an Auth App is agnostic of other user data. It doesn’t need your phone number, it doesn’t need your user ID, it just needs the secret key.
And I was thinking all along, “What if I didn’t have a phone number? Are people who can’t be reached by phone just not allowed to use TOTP?”
It’s needlessly discriminatory.
Braxman on YouTube has a good video on this exact point and how they are using it with the government to track everything you do. It is part of the KYC (know your customer) ideology that is now being used by tech co’s to be able to track everything about your life.
They’re almost certainly doing that because they’re forcing you into SMS 2FA as a ‘backup’ to the TOTP solution.
Cheaper to get everyone’s phone number so you can send them a text message when they fuck up their TOTP app/delete it/get a new phone/whatever than deal with support calls.
It’s stupid and insecure and incredibly dumb, but, well, business decisions.