I’ve run into that a few times, but usually just on financial sites or services where an attempted account hijack may be likely, and it’s ultimately a good thing. There have been one or two where it seemed entirely unnecessary though, so I get the frustration.
Yeah, anything handling sensitive data (medical, legal, financial, etc) absolutely needs stringent and thorough processes for completely changing login information (i.e. email address). But random superfluous websites I use for entertainment or socializing? Get outta here.
> anything handling sensitive data (medical, legal, financial, etc) absolutely needs stringent and thorough processes for completely changing login information (i.e. email address).
Hardware-based 2fa would be nice, but it seems that these same organizations are among the only ones which DON’T have hardware-based 2fa and insist on texting codes, instead.
None of them actually take security seriously, even though all of them should!
I agree, texted codes are not very secure and it honestly surprises me how common that quasi-2fa implementation still is. Granted, common thieves/scammers don’t typically go through the hassle of emulating your number and generating a false SIM card in order to intercept text messages meant for you. So, it’s still better than nothing, at least.
Funny enough, all my banks allow me to change my email address easily through their app or website! And they DON’T offer strong 2fa, so security is the least of their priorities.
But so many sites, like our local hardware site or G2A (for buying software keys) don’t, and I’d rather close the account (done through their website, no less!) than go through the hassle of contacting support.
People are often easier to hack than a proper MFA solution.