Conversation

Matthew Garrett (@mjg59@nondeterministic.computer)

@mjg59

·

Feb 21

Elon asserts that it's more secure to use an authenticator app than SMS 2FA. Simple question: If you use an authenticator app and lose your phone and don't have your backup phrases, how do you recover your account? What stops someone else from doing the same?

69

26

183

namazso

@namazso

·

Feb 21

You don't. It's the same with SMS 2FA when you cancel your phone number. Sucks, but your fault. When I cancelled a number I had to export every SMS ever and go through them to find 2FAs bound to it. Do you think that's a so much more intuitive UX?

1

1

Matthew Garrett (@mjg59@nondeterministic.computer)

@mjg59

·

Feb 21

Do I think people lose phones more often than they change phone numbers? Yes.

3

11

namazso

@namazso

I guess it's different for everyone. I personally almost lost my number several times when I had a top-up sim, by simply forgetting to top-up to extend its life by a year. On the other hand, only ever lost one phone 15 years ago.

9:42 AM · Feb 21, 2023

·

120

Views

namazso

@namazso

·

Feb 21

and I still have encrypted backups, backups on paper, and the recovery keys on paper for all the TOTPs, so the losing phone thing wouldn't be as much of a problem as losing a number.