this post was submitted on 17 Jun 2026
328 points (96.1% liked)
Technology
85570 readers
3962 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I changed banks when they asked for 2FA.
Why?
I refuse to have a phone line. I only get one for a month when I'm looking for a job. Got tired of paying a subscription fee just to get spam calls. All my communication is done through messaging apps and the only time I don't have access to wifi is when I'm driving.
And because SMS 2FA is actually opening a common attack vector. I have yet to find a credit union I qualify for that uses TOTP or Yibikey.
That still requires getting personal information about the user, which is often enough without 2FA. 2FA still makes it more secure than not having it. It's still a vulnerable step though, so users should be aware of that.
Start talking to someone at the credit Union. They are run by people, you might be able to convince them the risk and implement a safer method
Just a heads up, you can get a free phone number from Google, and probably other providers. If you've got a computer of some kind and an internet connection, you can make calls and texts from there. If that's all you're getting a phone for, don't bother with the actual device.
https://support.google.com/voice/answer/115061?hl=en&co=GENIE.Platform%3DDesktop
I don't know about Google's "free" numbers, but third-party VOIP numbers are usually blocked for 2FA verification. I've tried that. Most places won't accept it, because they know you're trying to get around the tracking. The 2FA isn't the point, and the cost of the phone isn't the point, the tracking is the point, and Google's "free" numbers are absolutely tracking you just as effectively as any telecom is.
Google Voice user for 15 years and I've had about 3 instances where my number wasn't usable for 2FA, mostly because, to your point, by the time companies that care about security learned about voip #s they realized they are mostly used legitimately and sms was insecure anyway. Luckily I found a great FOSS auth app, which I prefer to sms anyway; especially if traveling I don't have to depend on a mobile connection to be able to complete 2FA.
As another og Google voice user, i've noticed that a lot of services that let me sign up with Google Voice 15 years ago don't let you do it anymore. Now they detect that it's a VoIP number.
I use SMS Pool
Yeah, it isn't good for 2FA, and obviously your data is being collected. If all you need it for is job applications though, it does that.
Probably SMS or in-app 2FA. That's what annoys me about banks: they claim to do things for security -- which in their case it makes sense because they don't need to harvest data to make money -- but then go ahead and roll their own instead of using standards.
In Sweden the banks offer a choice between an app and a hardware token. You can just go with the token then.