Why the fuck some shitty companies like google or yahoo or twitter require a phone number to enable 2FA...

Why the fuck some shitty companies like google or yahoo or twitter require a phone number to enable 2FA? Just give me the secret key and shut up shitheads. What is that? Collecting phone numbers in exchange for security? Fucking shitheads

How are they supposed to send the key without a way to send it?

Because fuck yo shit nigga

>just give me the secret key
And how would you suggest they transmit it to you? The point is that your account does not become compromised if an attacker has obtained your password, because they would require also the ability to intercept your texts.

I'm talking about TOTP 2FA, not SMS. You know a key, server knows a key, both of you combine it with the current time and generate a TOTP token (the 6 digit number that changes every min).

Because yhen their support center would get retards calling everytime their clock changed

Its just a ruse to collect your phone numbe so that they can sell it to advertisers or any other party interested in buying phone numbers for such

to corrent that, you and server knows the same shared key, not different ones and you compare the generated tokens from you and the server, if they match access granted

If you go to your google account you'll find multiple types of 2FA, SMS, Yubikey and such, SMS and TOTP. They require a phone number to enable TOTP type of 2FA which is not needed to work

Yandex doesn't require phone number.

Many more that are not shitheads like github, dropbox, microsoft accounts, origin, etc etc

Google is the company that developed U2F you retarded nigger.

I'm not talking about U2F incompetent idiot but about simple TOTP

>github
>dropbox
>origin
I thought that was mail server conversation.

So they asking for your phone number doesn't look as creepy as it would otherwise.

why require it if it isn't needed, that's my question

They need it for different purposes (making your database record more accurate) and use the whatever bullshit you fell for as an excuse.

>not having a phone with 2 sim cards
>not putting a prepaid sim in the second slot
>not setting all your 2fa to the second sim

Motherfuckers! I didn't enable it though

>implying a TOTP app wouldn't sync time with NTP

Adding a phone number in is just one step in many.
A very precious one, but there are more. Like, say, connecting all your ""google services"" accounts under one name, so youtube, g+, gmail, whatever else.
I still remember the bullshit I had to go thru to _not_ have the same screen name on yt and gmail.

There is a revolutionary new technology called QR codes

not to mention using SMS for 2FA is fucking deprecated.

The motherfuckers are very persisant. I have 20-30 different google accounts before the required phone number to register and then used many times k7.net to verify youtube/google accounts. Nowadays you need a fucking phone for everything

And proven extremely insecure, since most phone companies will happily make someone a sim card for a given number with a little bit of conventional "hacking". Read: Calling their support center and being remotely intelligent with your words.

Using a Yubikey for 2fa does not require a phone number.

Are you sure? I think you need to provide a phone number and verify to be able to choose other 2FA methods

>what is google authenticator

A TOTP token generator that gets the secret key in QR form and needs phone verification first to be able to use it

>Collecting phone numbers in exchange for security?
uh dude they produce android

My phone number is linked, but it is a number dead for years.

I was still able to use a yubikey.

Problem is with my older accounts that were never provided a phone number they can't use 2FA

>A way to show text as an image
>Helpful in this case
????

dude can you even encryption

Because some people are normies who like iPhones

With all the data breaches and other bullshit I would rather not have my personal identity tied to what I do online. Fuck integration, watertight compartments to keep the damage to a minimum.

If it is targeted at normies, why don't they follow through?
Normies are shit with security.
Normies let the top of their texts be seen when the phone is locked.
Why not make the message "\n\n\n\n\n\nYour code is GQWERTY" instead?
Maybe throw in some information about the login or something if they thought normies wouldn't be able to read the message then.

Not text, data. I dont get what did the guy whom i replied to meant, but secret key needs to be transferred only once and its easier with qr code shown on computer screen instead of SMS.

Since when is a phone number part of your personal identity?

Seding data as an image is exactly the same thing as sending it as text.