Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> There's a fingerprint reader on my laptop, face id on my phone, and a yubikey in my USB.

Great! Not everyone has that! I do but if I could only implement one type of 2FA I'd probably still pick SMS.



Everyone can get an app on their phone or computer that supports TOTP, such as Google Authenticator

https://en.wikipedia.org/wiki/Time-based_one-time_password


The problem is customer support load. Also what does the company do about those without a smartphone? No smartphone no service? This is why businesses peg account authentication to phone numbers. It offloads IAM overhead to phone companies.


Who cares. Spend the money on customer service people then. Companies don't need all the profits they make and investors dont need their 10000x returns when 9900x will do just fine.


Here we are on a website centered on an industry that has "solved" customer support by having zero live support. It's RTFM (or FAQ). Sometimes even paying customers get this treatment.


What happens when they smash their phone and now you have to do account recovery? With SMS authentication you can presumably offload that to the carrier.


Far far more people have a biometric reader or smart token than have a cell phone.

Smart phones are obviously phones and have biometrics. What you're left with is comparing the number of people with non-smart phones (~31 million in the U.S.) to the number of people without smartphones but who have biometric tablets, Windows Hello-enabled computers, PIV cards, etc.


Do you have statistics on the number of people who do not have smart phones but do have these other devices? I am not sure the intersection is as high as you imply.


The only people who don't use smartphones and don't have an iPad or similar tablet and don't have a recent computer... probably don't benefit enough from 2FA to justify the risk of account lockout.

In my social circle, the people who don't have smart phones are:

- People with disabilities that make reading from a small screen or texting a lot impractical.

- People who work in harsh environments who want something more rugged than a device made out of glass.

- People wary of the distraction of carrying around an entertainment device.

All of these people except one also have an iPad (especially the first group, as the larger screens help a lot). The one who doesn't does have a Dell XPS 13.


I would wager the number of people in the US with a smart token (I’m assuming you mean something like a Yubikey, ≈22M worldwide, most users have two) is probably close to 1:1.

I would also wager the number of people with dumb phones are close (but not as close) to those having computers without any biometric capabilities (and if they have them, they’re not set up).


Outrageous claims require outrageous evidence.


Yes. They do.


[flagged]


[flagged]


the sheer number of even just active phones in the world right now, vastly outnumbers the amount of biometric/card readers ever made, combined.


I don't know about in the world, but there are approximately 325.4 million people in the U.S. with an active cell phone. https://www.consumeraffairs.com/cell_phones/how-many-america...

Of those, approximately 309 million (95%) own a smartphone. https://www.consumeraffairs.com/cell_phones/how-many-america...

Any remaining gap is filled by a single year worth of iPad sales; or filled by just U.S. DoD-issued X.509 certificate cards.

It's shocking to me how many people are vastly underestimating how many biometric devices and smart tokens are in existence.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: