2 comments

[ 3.1 ms ] story [ 12.9 ms ] thread
Submitted this because although some sites like Vangard allow you to used a security key like SecurID or Yubico FIDO they still require you to have SMS security codes enabled incase you don't have your key. This makes invalidates any additional security keys have over SMS on your account. Would be very interested in HN community's thoughts on this.
And Vanguard specifically only supports Chrome (last I checked), so it's a nonstarter if you primarily use Firefox, even though my Yubikey works fine on other sites with Firefox. Perhaps WebAuthn will fix that, but it's the current reality.

Instead of SMS, I wish more sites would fall back to email. There are a lot more scenarios IMO where I don't have access to my phone/SMS than not having access to email, and most email providers are better protected than SMS.