The point of 2FA isn’t that if your password is weak it saves you. The point is if your password gets leaked somehow (you accidentally enter it on a fake site, the site gets compromised, someone looks over your shoulder), they still can’t enter without the 2FA. I hate SMS 2FA (it’s not even secure) and sites that make you go through 3 steps for some reason, but the 6 digit code ones really aren’t that big of a deal, you just whip out your phone and open an app.
the 6 digit code ones really aren’t that big of a deal, you just whip out your phone and open an app
Until you’re in tough times financially and your phone company cuts you off, permanently locking you out of every account with SMS 2FA! This actually happened to me, and there was nothing I could do about it, unlike phishing and shoulder surfing, which are easily within my power to prevent.
The point of 2FA isn’t that if your password is weak it saves you. The point is if your password gets leaked somehow (you accidentally enter it on a fake site, the site gets compromised, someone looks over your shoulder), they still can’t enter without the 2FA. I hate SMS 2FA (it’s not even secure) and sites that make you go through 3 steps for some reason, but the 6 digit code ones really aren’t that big of a deal, you just whip out your phone and open an app.
Until you’re in tough times financially and your phone company cuts you off, permanently locking you out of every account with SMS 2FA! This actually happened to me, and there was nothing I could do about it, unlike phishing and shoulder surfing, which are easily within my power to prevent.