It's frightening how reliant we are on our phones

Smeghead

Smeghead

Smeghead

Associate
Joined
6 Mar 2010
Posts
1,230
Just a warning, this is mainly a bit of a rant, but it's genuinely quite scary how reliant we are now on our phones.

The other day, my main phone died out of the blue. Completely bricked. Even plugging it in it doesn't respond. So I get my backup phone (which is now very old and barely functional). I get it all set up again from scratch, which is a complete pain because of so much 2FA now.

  • My password are all locked in my password manager. Luckily I had my backup keys written down and at hand to change the 2FA method on desktop, because otherwise I would be well and truly royally stuffed at square one.
  • I try to set up Authy...I can't remember the details. Yes, 100% my fault, and luckily I don't have much set up there, but I struggle to find any written down notes I may have done, and I can't find any other secure notes on a device. I leave it for now.
  • I try to set up my messaging apps - one of them is being troublesome and not logging in. I try to log in with their usual method and wait for an SMS verification code, nothing comes through. Apparently, after Googling, login sessions are locked to specific devices. I go through account recovery and use my username/password I set up to login instead, it doesn't work. I do another recovery method, and they need me to ask 2 people who are already logged in to send me a message of some verification number. I lose patience and leave it.
  • I remember the last time I changed phones, my banking app needed me to actually ring them to set up my new device. So my entire bank account is locked behind my phone. I leave it as something to look forward to do later.
  • Funny timing, but my backup phone has literally just now died today. The battery had already degraded to the point of dropping like 20% in a few hours, but I suddenly saw the battery drop to 0, even though it was plugged in, and now just bootloops. Just my luck.
  • I'm now in a bit of a panic and go to the closest stores to me right now (at work) to buy a new phone. They don't have the colour I want in stock, so I come back to the office and check stock online. I see it at one near my house. I try to buy it....and I started laughing as the purchase wanted me to log into the app to approve the purchase.

All this 2FA is a double edged sword. Yes, it's more secure, but God forbid you ever lose your device, because it's not even funny how much of a pain in the ass this all is right now. Thank God I don't go the whole hog and tie my bank cards to my phone and don't bring a wallet with me or anything like that.
 
Smeghead said:
All this 2FA is a double edged sword. Yes, it's more secure, but God forbid you ever lose your device, because it's not even funny how much of a pain in the ass this all is right now.
Click to expand...
This is why backup codes exist. It's not really a problem if you keep copies of the codes. It's when you set up 2fa and dont bother copying the codes that it becomes a problem.
 
I have a landline and a smartphone but I dont have a SIM in the smartphone, I just use it as a camera and all its other functions.

A laptop for everything, except for gaming which i use desktops and consoles.

If my smartphone dies it will not affect me one bit whatsoever.
 
james.miller said:
This is why backup codes exist. It's not really a problem if you keep copies of the codes. It's when you set up 2fa and dont bother copying the codes that it becomes a problem.
Click to expand...

Some of this stuff never gives you a backup code though. My banking and credit card apps, of all things, I've never been given backup codes. They just tie it to the device, or you get an SMS or whatever else verification code and verify that way.
 
Last edited:
james.miller said:
This is why backup codes exist. It's not really a problem if you keep copies of the codes. It's when you set up 2fa and dont bother copying the codes that it becomes a problem.
Click to expand...

As Smeghead said some of this stuff with 2FA really isn't that simple and there seems to be an increasing lack of allowance for the fact that people might have a phone die, be stolen or lost, etc. etc. partly due to poorly implemented systems and lacking customer service to make it even more difficult than it needs to be.
 
Last edited:
throwaway4372 said:
2fa is utter garbage imo.
Requires a person to have a telephone at hand to be able to use their computer.
It's like not being able to drive a car without a horse.
Click to expand...
Some 2FA apps such as Authy does offer a PC client, it's what I use, saves the hassle of reaching out for the phone.

I know cloud based 2FA is not the most secure, but it makes it easy for multiple devices as well as when you're moving to a new phone too. As long as you remember the details for it that is... Bitwarden password manager makes it easy too. Again cloud based, but ease of use. While I do have Authy's password saved in Bitwarden and Bitwarden's 2FA on Authy, I do have the password/backup codes noted down elsewhere in case I lose access to both.

I haven't had an issue with HSBC, Barclays, Revolut and Monzo when moving to a new phone either. No calling up required.
 
throwaway4372 said:
2fa is utter garbage imo.
Requires a person to have a telephone at hand to be able to use their computer.
It's like not being able to drive a car without a horse.
Click to expand...
I fully agree, I try to do things on my pc because I don't want to touch my phone.
It's silly how just using your phone for banking for example doesn't require 2FA...

I'm forced to use 1p and before the leak: lastpass at work, I so hate it. Also some customers require other authenticators like Microsoft, PingID, and other ****. Google 2FA is also a a pain, as I manage a lot of stuff for my parents, occasionally you'd get logged out and need to confirm on their phoners grrrr. Finally the official govt login here ''DIGID'' requires 2FA for more and more things, so annoying.

I have wasted more time on 2FA already than I ever will on a malicious user getting into my accounts, damage control for that takes far less time and effort imho.
 
Last edited:
You don't need a phone if the 2FA implemented by the service provider is done properly. MFA is what should be in use and most of the big providers do exactly this. Don't have your phone for 2FA? No problem, use an alternative method instead. 2FA itself isn't the problem, it's poor implementation of MFA by the service provider you are using.

Microsoft Authenticator for all 2FA. It auto syncs to your MS account, simply install on any phone, log into MS account and all your 2FAs resume as normal. It justw orks, been using it years and have at least 20+ accounts added to it for 2FA. Obviously you need to authenticate for the initial login, so use an alt method for that.
 
Last edited:
@Smeghead Can you configure your password manager to use something like a Yubikey for 2FA? I'm using a Titan key as well as a 2FA code saved in Microsoft Authenticator for my 1Password account.
 
Oooh, Proton just fully released their password manager Proton Pass after being in beta for a while. As an existing Proton user I just got free access to it this morning. I think I will try using that for a while as their stuff is usually really good. I think it does 2FA as well but I'm using MS Authenticator for that already.
 
Last edited:
mrk said:
Microsoft Authenticator for all 2FA. It auto syncs to your MS account, simply install on any phone, log into MS account and all your 2FAs resume as normal. It justw orks, been using it years and have at least 20+ accounts added to it for 2FA. Obviously you need to authenticate for the initial login, so use an alt method for that.
Click to expand...
This, Microsoft 2FA works great. Just had to send my phone off for repair so switched back to an old one that had been reset. Install authenticator, restore from backup, job done.

For banking, Starling you record a video of you speaking a code and they manually verify it against your photo ID. Takes a few minutes to get setup again.
 
  • Like
Reactions: mrk
dave28 said:
I have a landline and a smartphone but I dont have a SIM in the smartphone, I just use it as a camera and all its other functions.

A laptop for everything, except for gaming which i use desktops and consoles.

If my smartphone dies it will not affect me one bit whatsoever.
Click to expand...

What if the laptop dies? ;)
 
I'd definitely suggest moving away from Authy and if you're already using bitwarden for your passwords to also use it for 2FA.

If you no longer have access to a registered device, then at least it's only the bitwarden recovery key you need. Once you've got that then you should be able to log in to any of your accounts.

Banking might be a different issue - think they're all tied to your registered mobile number.
 
dave28 said:
i have used laptops for several decades and not one of them died

they had faults but never totally died on me

mostly Dell and most were used business models lol
Click to expand...

I've had more storage drives fail than phones (granted your phone is probably more likely to get dropped or lost than a laptop). Still sounds like you're putting all of your eggs in one basket though - it's just a laptop shaped one rather than a phone shaped one.
 
The steam app is a good example of poor 2fa.

When you log into the app, it asks for the 2fa code. The silly thing is, the code is generated within the app... The same app you want to log into and requesting a code... Generated.by the app :cry: .

AFAIK, it doesn't allow the 2fa code to be added to, for example, Google authenticator
 
You must log in or register to reply here.
Back
Top Bottom