Installed Steam on a new computer. Signed in. It sent a passcode to my GMail. I signed into GMail. It wanted me to 2FA because I hadn’t signed into Google on that device. It sent a notification to my phone, which I never received. I had it resend the notification twice, still nothing. Tried again with my phone’s offline passcodes. Neither worked. Tried the QR code/Bluetooth connection, and that finally did it.
At least I got through in the end, but fuck, it’s annoying.
I remember getting pretty stressed when my local welfare app (which you need to engage with to get welfare money) used 2FA and my phone network was delaying every message by several hours. Risking eviction for the very low risk that someone was scalping welfare passwords and fraudulently logging job applications or work hours.
my favorite is that when you try to pay off a fucking bill it’s like WHOA now we wouldn’t want someone else to sneak in here and pay off your debts?? Please make a 24 character password
SMS 2FA is insecure bullshit anyway the only reason anyone does SMS 2FA is to track your phone number.
We also learned that the backdoor that was left in the modern phone network for the FBI was exploited by foreign hackers; so yeah pretty easy to bypass SMS 2FA this way.
Your phone is also likely the least secure device you have. Mine at least has a measly 6 digit password. A human shadowing you could easy watch you input a password and steal your phone.
I have a decent gift for memorizing numbers and patterns, and you would not believe how many friends PINS and phone passwords I know just from being around them.