Either by sending a code to SMS or Email, you are able to sign into your account without ever needing to or being able to add a password. Why has this become a thing recently?
It is coding for the lowest common denominator of user – those who use the same easily-guessable password for everything. Making them click a link to login is honestly better security.
Of course there should be an option for those of us who have a TOTP app and use a password manager.
Can’t brain today, I have the dumb. What’s TOTP, other than that BBC show?
Time-based one-time passwords. Those (usually) six-digit codes which get replaced every 30 seconds or so. During setup you copied the secret to your device (usually smartphone) and now your device and the server you authenticate at can calculate the same secret code every thirty seconds.
Personally I’m frustrated with always having to give a working phone number to accounts.
I have no idea if I’ve been at all successful in poisoning my data but all my accounts use unique generated emails in addition to generated passwords and fake profile info. It’s just habit now.
However all too often the one piece of real data I have to give is my phone number, and that would be really useful to cross-link all my accounts for data brokers building a dossier on me.
I have hundreds of fake emails but can create at most a couple of phone numbers.
Side rant:
To make it worse, SMS is incredibly insecure. Nothing should send you codes via SMS, and if you have the option to use an authenticator app, do that. It’s atrocious so many banks only have SMS as an option.
The really dumb part is, the SMS codes are literally the same authenticator algorithm, but running on their servers and sent to you via an insecure medium.
I never understood why SMS is insecure. Are you saying it’s easy to intercept someone’s number? How would that even work without the SIM?
Veritasium did a great video on it. Anything I can say about it will be 10x worse than that video.




