i swear i tried to be understanding but i cant anymore. sms auth or app-only codes are the most annoying thing ever and whoever invented this should sit in a corner and think about what they did (#`Д´)
im here on my pc, comfy, typing login and password thinking im gonna get in just fine. then out of nowhere that message shows up. "we sent a code to your phone". and im just like... why? why are u assuming i have a phone glued to my hand rn?
nobodys watching their phone 24/7
u know when ur lying on the couch wrapped in a blanket and ur phone is charging in another room? yeah. then u try to log into some site and it sends the code there. then u gotta get up. and depending on the place its a whole walk. im in pajamas. im cold. i just wanted to access my account in peace (╥﹏╥)
what if the phones dead? what if its on airplane mode? what if its in my bag and the bag is outside? what if im on my work pc and my personal phone is at home? what if i simply dont have a phone rn?
the devs and pms of these sites seem to live in a bubble where everyone has the latest iphone glued to their hand from wake up to sleep. like u just raise ur arm and check the notification.
what about people who dont have a phone?
some people dont like phones, some lost theirs, some are out of one. the phone became like a mandatory human body extension just to exist in the digital world.
sms and bank apps arent even secure
besides being inconvenient its also insecure. SIM swap exists. social engineering at telecom carriers is routine. if someone wants ur number they can get it. its not hard. phone providers leak data everywhere.
then the site forces u to use a fragile method to prove its u. its like putting up a cardboard door and thinking ur protected. the bank forces it, the government forces it, everyone forces it, and nobody asks if theres something better.
authenticator app on pc
i use a password manager on pc that has 2fa support. everything stays on the computer im working on. dont need to get up, dont need to grab my phone, dont need to pray the battery aint dead.
if im logging in from my pc, why cant the second step stay on the pc too? why all this fuss about forcing a completely different device just bc?
and the alternatives nobody wants to give
everyone with internet has email. passkey would be ideal, even more now that modern browsers support it. but companies love this bc its "easy". easy for them. not for us.
i just wish platforms would stop assuming everyone lives with a smartphone embedded in their forearm. sometimes im on my pc and wanna stay on my pc. sometimes my phone is far away. sometimes i dont have one.