traceroute66 5 days ago

> The risk of not syncing — when you lose/reset your phone, so does your OTP app. If you don't have backup codes saved, you're cooked.

Most clued-up places enable you to register a Yubikey as 2FA.

So then it doesn't matter if you lose your OTP app and your backup codes because you've still got a Yubikey.

(And those that don't allow Yubikey, almost certainly will have SMS as a secondary option).

jgilias 5 days ago

You really shouldn’t use SMS 2FA. SIM swapping does happen. This kind of depends on the jurisdiction though. In some countries operators won’t reassign the phone number willy-nilly.

Still, better to just not do SMS auth. These days Yubikeys are not that expensive. Get three, register them all at the most important places, and put one at a parents’ place or similar.

traceroute66 5 days ago

I agree entirely.

But the point I was making is that IF the website does not allow Yubi THEN SMS is almost certainly available, and you should use that as a backup mechanism.

Why? Some sort of backup mechanism is better than none at all.

ac29 4 days ago

> Most clued-up places enable you to register a Yubikey as 2FA. So then it doesn't matter if you lose your OTP app and your backup codes because you've still got a Yubikey.

And what happens if you lose your Yubikey or it stops working? You're back to needing backup codes or an additional 2FA device.

traceroute66 4 days ago

> And what happens if you lose your Yubikey or it stops working?

That's why you own N+1 Yubikeys ;p

Any place that offers Yubikey auth will enable you to register multiple Yubikeys against your account.

In all my time on the internet I have only ever seen one place that allows Yubikeys but restricts you to one key.