Eh... I hate 2-factor, especially phone/e-mail. The current setups with password-only logins, especially the useless C0mp1eX! requirements, needs help, but I'm not so sure this is the right solution. I still have multiple users in my office that can't handle SMS 2-factor authentication (seriously).
Smartphones haven't been reliable for me. Apple, Samsung, Motorola, all have been unstable for me. Overheating, locking up, spontaneously rebooting, and battery issues. Add in all of the things which have to go right for this to work and no thanks. Bluetooth's gotten better over the years but still isn't as seamless as it should be.
One of my condos replaced our 24/7 security guards with a "cloud" entry system where they want you to download a Chinese app to your phone to gain entry. Useless thing. For it to work: 1) There has to be power, 2) Their Comcast connection and router have to be working, 3) the gate system keypad/controller have to be working, 4) the gate system's cloud servers have to be working, 5) the larger internet has to be working, 6) the cell connection has to be working, 7) my phone has to be working, 8) the app has to be running and working. No thanks, I'll just enter the 5 digit code or copy of the barcode I made and go on my merry way.
I don't have a problem with it existing, but I don't see this as THE solution. It's just going to change the bad actors' targets from desktops to phones and Bluetooth. Anyone have a FlipperZero? After all, most people keep their entire lives on their phones, passwords, accounts, and all. Read up on the recent YouTube cookie / session hacks and it's not a stretch to port those type of hacks to infiltrate this type of system. At my office we use token (public/private key deal) + password, which is better than a password alone, but is far from infallible.
Originally Posted by
gfunkdave
I think Google throwing its weight behind it will do a lot for that.
Given Google's extensive history of coming up with something and then getting bored and discontinuing it doesn't rub developers and programmers well. I personally spent many hours chasing my Google's ever-changing APIs before finally giving up.