Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> > Even worse... Sounds like phone number is irrelevant, yet they collect it.

> It's used to store and retrieve your 2fa secrets in case you lose your device

The phone number doesn't store anything?

But if somehow knowing that phone number is a key to getting your 2FA secrets, you'd have a bigger problem.

Except it often is, and that's the problem.



Do what I do and turn off "allow multi-device." Problem solved -- even if your phone number is stolen, they can't recover your 2FA because it's locked to the device too.


You can enable multi device, and have it on multiple devices, then disable it.

https://authy.com/blog/understanding-authys-multi-device-fea...


Yep. I've done this. Lots of people I know use "burner" phones without cellular for 2FA.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: