Especially for personal accounts.
I get why a corporation would require it for employees…
But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.
Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my Post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their bitwarden vaults. I kinda hate it, especially on such sort notice (less than 10 days).
100% agree with the exception that 2FA over SMS or email needs to die, along with the “magic link” style of signing in.
Why is everyone so slow to implement FIDO2?
Agreed. But I think it’s evident even in these threads why companies are slow to adopt. Lemmy is still a niche corner of the internet predominantly used by technology savvy people, and yet you see folks here saying that they hate the inconvenience of it. Less tech adept users are more likely to dislike the additional friction.
Maybe I’ve been in the Apple garden too long but Passkeys make this easy enough for any idiot.
Now if websites would stop prompting for a password and just use passwordless authentication I’d be happy.
In fact I did this for my own business in one day using Authentik as SSO like three years ago. What’s the holdup?