• AlotOfReading@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      The security level should be the user’s choice. Maybe I don’t care if my neopets account is hacked. Maybe the 2fa offered actually decreases security, like the SMS 2FA required by my 401k account that can be used as the sole recovery factor, bypassing the password. Maybe I’m accessing from a system configuration that makes 2fa really annoying, like a build system running inside a fresh VM on every run.

      The service doesn’t have the context necessary to know when 2FA is warranted.