Comments
-
The current state of auth security is a complete joke.
Passwords have stupid rules which make the pw less secure.
Idiotic "security questions" which are just passwords but less secure because prone to social engineering.
And automatic logging out after 5 minutes because… well because fuck you.
-
@Lensflare yeah, everything is wrong. Everyone storing the passwords in the same place. Convenient, but don't pretend it's secure in any way, because let's face it: I probably get hacked by installing / mistyping a weird dependency. From that point, it only has to search the PC. I have no idea how we could get into such a state. It's paranoia with a bad outcome. Snek has not a single password requirement, even one char is allowed. Responsibility is with the user themselves, you're free to use your supersonic malformed UUID passwords if you think that'll keep you much safer.
-
That's quite accurate.
To add to this, there are some sites that, apart from having these weird requirements for passwords && 2FA, also require you to change that password every couple of months.
Imagine that change requirement has some additional rules, as well. _Unless_ you're using a password manager, or post-its, or something similar, then such constraints result in people using basic passwords w/ the bare minimum to meet the requirements.
-
@D-4got10-01
Every hacker knows that almost all users will add an incrementing number at the end.
I hate 2FA, solving a problem I don't have. I expect it rather to lock me out some day than actually helping me.
Just subscribed to a service, pissed that I couldn't use a simple password and had to do one of those impossible ones making you store it in a Keychain or making you use the forget-button dozens of times. Activated account, and then it wanted you to do the 2-FA as well.
Do realize, my freaking bank has just a four-digit code, weirdos!
rant
absurdity security