• GreenKnight23@lemmy.world
    1 upvote · 2 months ago

    got hired by a new company. every fucking day I have to MFA to use the VPN. then I have to MFA to sign into email. Then MFA into tickets. MFA into confluence. MFA into git.

    and then I have to do it all over again 4 hours later after lunch.

  • BassTurd@lemmy.world
    0 upvotes · 2 months ago

    Every time I read comments on posts like these, it reaffirms to me how the average person does not give a shit about real security or is completely ignorant to how and why these extra safeguards are used. Lemmy, I would assume, has a higher than average tech knowledge amongst its user base vs many other platforms, but the sentiment is often that of, MFA and needing to log in to a bunch of separate applications is too much work and the people that designed them don’t know what they’re doing. It’s a bit disheartening.

    • RandoMcRanderton@lemmy.world
      0 upvotes · 2 months ago

      GoDaddy sends a confirmation email for updating DNS. It does not ever arrive faster than 10 minutes from the time they claim they will send it, and sometimes it takes up to 15 minutes. The code expires in 20 minutes, so if you switch focus to something else in the meantime and miss the email and the code times out, you have to send another one and just sit there staring at the email inbox. I have lost hours of my life to GoDaddy MFA. Not all MFA is stupid, but their implementation is amazingly stupid.

      • BassTurd@lemmy.world
        1 upvote · 2 months ago

        Yes, I can’t defend dog shit implementation. There are enough authenticator apps available that anyone reputable should use one instead of the less secure email or SMS.

      • neatchee@lemmy.world
        0 upvotes · 2 months ago

        This is a misunderstanding. You can’t possibly know if there’s been a benefit, because you wouldn’t know unless your account was compromised. The mere presence of 2fa on an account will stop credential stuffing attacks dead in their tracks.

        It’s like saying “this lock on my door is pointless because nobody has broken into my house”.

        • But_my_mom_says_im_cool@lemmy.world
          0 upvotes, 1 downvote · 2 months ago

          No, it would be more like having the key to my house, but after I use the key I can’t get in and have to wait for a text and verification email before my door opens.

          • Cypher@lemmy.world
            2 upvotes · 2 months ago

            The clunky user experience in the analogy isn’t wrong but is focused on the wrong thing; having locks is already an annoying user experience.

            Having to carry keys everywhere and juggle shopping when opening my door sucks. It would suck more if someone entered my house and stole my stuff, so I accept the trade-off.

            It’s the same with MFA. We all accept a worse user experience for significantly improved security.

          • neatchee@lemmy.world
            1 upvote · 2 months ago

            Ok. Why don’t you try explaining how digital security works to the security professional some more. I’m sure you’ll convince me real soon 😜