Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The fact it can be removed by anyone is the problem. If you lose access to your 2FA (and recovery codes) then you should lose access to your account. Having it removable by anyone (other than a logged in account holder) defeats the entire point.

At least make it a major pain in the ass to recover like AWS, which requires some kind of notarised identity verification [1].

[1] https://news.ycombinator.com/item?id=13122723



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: