"You must be able to log in without the use of own electronic devices" gave birth to pre-generated list of (time-based) 2FA codes (for over 3 hours) rule:

u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · edit-2 23 hours ago

"You must be able to log in without the use of own electronic devices" gave birth to pre-generated list of (time-based) 2FA codes (for over 3 hours) rule:

u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · 22 hours ago

about as secure as using someone’s SSN for the 2fa

I’ll give you one better. For a certain thing, the university I attend decided to use birth numbers as a password. And that was the only factor.
Mind you, in Slovakia, the birth number consists of birth date + random 4 digits.
Much safety.

Anyway, SSN doesn’t expire in less than 4 hours.

MotoAsh@piefed.social · edit-2 22 hours ago

That’s why it’s ‘about’ as stupid. Many US services only really need basic PII to at least set up an account, which is scarily low levels of security.