People will always choose convenience over security.
I'd figure out what the least-technical person (with data access) in the company needs to do their job, and find the friction points that prompt this person to find the path of least resistance.
2FA in general makes a bad solution worse all for the sake of security; it's not long for this world.
>2FA in general makes a bad solution worse all for the sake of security; it's not long for this world.
Can you expand on this?
With reasonable setups (trusted locations and trusted devices) the friction is absolutely minimal. And it isn't even a question, the security benefits are astronomical.
I am not understanding how you can say 2FA is "not long for this world".
1. Traditional way:
- type email/username
- type password
- click submit
2. 2FA way:
- type email
- type password
- click submit
- switch to secondary email/text app
- wait for email/text to arrive
- copy text string (not consistent, depends on input method)
- switch back to main app
- paste or manually type text string
- click submit
3. Hybrid (passkey?) setups are a great step in the right direction. Even more convenient than passwords, and more secure, without app switching, which is the huge friction point.
My average 2FA experience when setting it up for the companies I consult for is:
Enter credentials -> receive push notification and press "yes" -> login.
They wrote #2 to be purposefully long and convoluted. "Copy/paste code" is somehow 5 steps, with a waiting period? We really needed to detail out "switch app" as 2 steps? Come on.
As another example:
If you were to give directions to someone on how to get to your house, do you say: "Turn right at XYZ street, follow that up to ABC street and take a left, last house on the right"
Or do you say
"When you are 50ft from XYZ street, press on the brake pedal. When you get to the corner, turn the steering wheel to the right, hand over hand, then get the car straight again, press your accelerator, approach the speed limit, check mirrors every 20 seconds [...]".
Both are true. One is unnecessarily detailed to make it seem more complicated than it is.
I have certainly worked with aging populations, people who have barely any experience with computers, etc. While consulting, I have probably walked a few thousand people through MFA setup and use.
I have not tried to set up MFA for someone with memory deficits, so I can't speak to that.
All of that is completely beside the point, though. I'm not sure why it matters. There is 0 chance that MFA is "not long for this world".
That depends basically entirely on what the second factor is and how often you are requiring it.
Imagine futuretopia with me for a moment; when you are hired at a company they send a very secure cryptographic keygen to your subdermal ID implant. Maybe with 3 different fields for "employee" "division" "role"
When you enter the building, implant comms automatically using "employee" with the mantrap pads acting as a second factor as you type in your yearly revolving 9 digit employee passcode
Same with the workstation when you log in using "division", and maybe when you specifically access certain files "role". They all last a user session length, and can all use the employee 9 digit as primary login
This scenario gives you effortless 2 factor, 3 different times, and the employee only has to put in their simple 9 digit code thrice daily, maybe 6 times to account for lunch break.
Does this scenario seem like two factor that's on the way out and causing more problems and inconvenience than it's worth?
Two factor sms where you have to type the code in yourself and sms is insecure? Sure that's dog shit. But we can make a better future instead of disregarding a pretty solid security concept
> Imagine futuretopia with me for a moment; when you are hired at a company they send a very secure cryptographic keygen to your subdermal ID implant. Maybe with 3 different fields for "employee" "division" "role"
This is immediately the wrong design and is confusing authentication with authorisation.
Your "subdermal implant" needs only one feature (two if we wanted greater privacy than exists for employees today, but let's not get ahead of ourselves):
1. "I am still me". The implant can produce a copy of its public key, and will cheerfully sign simple freshness challenges allowing the employer to confirm that this is the same implant that the person hired had.
That's all you need, that's the whole thing. The question of whether you're in Org Unit A9 or ZQ, whether you're a Deputy Senior Assistant or a Senior Deputy Assistant, whether you're part of Division F or not: these aren't authentication, they are authorisation questions, and there is no need for them to belong to you. They can live near the decision, since they can be changed by other people. You can be demoted or promoted, moved, reshuffled, fired; that's not a decision for you, it's a decision for somebody else.
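The "I am still me" check described in the comment above, written out as an added example (this is not code from the thread or from any real implant product): an ed25519 challenge-response in Go where the token holds exactly one key and only signs fresh challenges, while enrolment (which key belongs to whom) and authorisation (what that person may open) are tables on the employer's side that HR can change without ever touching the token. The employee ID, resource names, the 30-second challenge lifetime and the domain-separation prefix are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Domain-separation prefix (assumed for this example) so a signature over a
// challenge can never be passed off as a signature over some other message.
var challengePrefix = []byte("implant-auth-v1:")

// Implant is the hypothetical subdermal token. It holds one secret and does one
// thing: prove it is the same key the employer enrolled on hiring day.
type Implant struct{ priv ed25519.PrivateKey }

func NewImplant() (*Implant, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Implant{priv: priv}, nil
}

func (im *Implant) PublicKey() ed25519.PublicKey {
	return im.priv.Public().(ed25519.PublicKey)
}

// Answer signs a freshness challenge. Division and role never reach the implant.
func (im *Implant) Answer(challenge []byte) []byte {
	return ed25519.Sign(im.priv, append(append([]byte{}, challengePrefix...), challenge...))
}

type pending struct {
	employee string
	issued   time.Time
}

// Verifier is the employer side: enrolled keys, authorisation tables and the
// outstanding challenges all live here, where someone else can change them.
type Verifier struct {
	keys    map[string]ed25519.PublicKey // employee ID -> key captured at hiring
	roles   map[string]map[string]bool   // employee ID -> resources they may open
	pending map[string]pending           // hex(challenge) -> whom it was issued to, and when
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry is testable
}

func NewVerifier(ttl time.Duration) *Verifier {
	return &Verifier{keys: map[string]ed25519.PublicKey{}, roles: map[string]map[string]bool{},
		pending: map[string]pending{}, ttl: ttl, now: time.Now}
}

func (v *Verifier) Enroll(employee string, pub ed25519.PublicKey) { v.keys[employee] = pub }

// Grant and Revoke change authorisation with no interaction with the implant at all.
func (v *Verifier) Grant(employee, resource string) {
	if v.roles[employee] == nil {
		v.roles[employee] = map[string]bool{}
	}
	v.roles[employee][resource] = true
}
func (v *Verifier) Revoke(employee, resource string) { delete(v.roles[employee], resource) }

// Challenge issues 32 random bytes bound to the claimed employee and an issue time.
func (v *Verifier) Challenge(employee string) ([]byte, error) {
	if _, ok := v.keys[employee]; !ok {
		return nil, errors.New("unknown employee")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.pending[hex.EncodeToString(c)] = pending{employee: employee, issued: v.now()}
	return c, nil
}

// Authenticate answers only "is this the same implant we enrolled?". The challenge
// must be outstanding, unexpired and signed by the enrolled key; it is consumed on
// first use so a captured response cannot be replayed.
func (v *Verifier) Authenticate(challenge, sig []byte) (string, error) {
	key := hex.EncodeToString(challenge)
	p, ok := v.pending[key]
	if !ok {
		return "", errors.New("unknown or already-used challenge")
	}
	delete(v.pending, key)
	if v.now().Sub(p.issued) > v.ttl {
		return "", errors.New("challenge expired")
	}
	msg := append(append([]byte{}, challengePrefix...), challenge...)
	if !ed25519.Verify(v.keys[p.employee], msg, sig) {
		return "", errors.New("signature does not match enrolled key")
	}
	return p.employee, nil
}

// Authorize is the separate question, answered from server-side tables, not the token.
func (v *Verifier) Authorize(employee, resource string) bool { return v.roles[employee][resource] }

func main() {
	im, _ := NewImplant()
	v := NewVerifier(30 * time.Second)
	v.Enroll("emp-1042", im.PublicKey()) // assumed employee ID
	v.Grant("emp-1042", "payroll-db")     // assumed resource
	c, _ := v.Challenge("emp-1042")
	who, err := v.Authenticate(c, im.Answer(c))
	fmt.Println(who, err, v.Authorize(who, "payroll-db"))
	_, err = v.Authenticate(c, im.Answer(c)) // replay of a consumed challenge
	fmt.Println("replay:", err)
}
```

The three things the comment argues for are visible in the split: the implant never learns about roles, revoking access is a server-side `Revoke` with no token interaction, and authentication failures (replay, expiry, a different implant) are all decided by the verifier from state it controls.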
Security sucks to the average joe. I tried to help my Mom set up 2FA and...it didn't work out well.
Most average people are just confused by it, but it's so important for security the focus shouldn't be getting rid of it, but figuring out how to make it buttery smooth to use.