8

I'm gonna rant about how Discord does not let you disable 2FA after having it enabled if you forget the code they provide for cases where you don't have access to the 2FA in the first place and I lost a damn account to that :/

Comments
  • 4
    2FA is so annoying sometimes. I dropped my phone and it completely broke. There were some services which had a way to deal with this situation. Others which didn't.
  • 1
    This rendered TOTP unusable to me, unless automatic backups are made and sent to some other device via SyncThing. The downside is that, even if you encrypt the vaults, the fact itself is easily discoverable and it would only take one master password to crack it open with that second device.

    Again, it's up to your threat modelling, but me inadvertently disabling backups may be the end of me someday, haha!
  • 2
    Real men use the drcc matrix chat
  • 0
    well - don't enable 2fa in the first place
  • 1
    @retoor Did not know they would not have the disabling as an option when needed, seeing how everyone in my experience except them seems to have it as a feature.
  • 1
    If you lose the backup keys or only store them on 1 device it's your own damn fault and not "service XYZ being stupid"
    What's the point of 2FA if it can just be bypassed/disabled for convenience?
    Especially Discord is heavily targeted by account takeover scammers, e.g. scanning a QR code browser-in-the-browser phishing or dragging a bookmark scriptlet
  • 1
    @devRancid Look, I don't appreciate the tone here. I do confess, though, that I was not thinking ahead and something truly unforeseen happened...
  • 2
    Discord tryin' so hard to get my phone number. It feels like they planning to dox me later. I had channels try and require phone numbers so I left those channels.

    Google decided to turn on 2FA without me asking. They got my phone number from somewhere and started asking me to use that device. I went in and turned that shit off. No, I didn't turn it on.

    This whole gotta get people's phone number is sociopathic at this point. Why they so keen on getting phone numbers? The security excuse seems flimsy to me.