Ask HN: Why do some services allow you to routinely bypass 2FA

1 points by prmph ↗ HN
On GitHub, I have 2FA active. Whenever I try to perform some sensitive action, I'm presented with a 2FA challenge. But there is the option to simply use your password, at the bottom, which I have used frequently.

So why present the 2FA prompt at all if I can simply choose to not use it? Maybe I have that option because I'm accessing from a registered browser. Whatever the case, it's a redundant prompt.

I've seen this pattern on other online services, for example Wise.com

2 comments

[ 3.3 ms ] story [ 17.1 ms ] thread
My hosting provider used to let me bypass 2FA because they "fingerprinted" my browser (whatever that means). Thankfully they've dropped that insane idea and now force 2FA every login.