UncleMeat 5 days ago

The convenience is that people don’t drop their phone in the toilet and suddenly lose access to all of their accounts.

drillsteps5 5 days ago

Why would you have passwords/credentials to your accounts (including financial accounts with tens of thousands of dollars) on a device that not only you can drop in the toilet, but also lose, or get stolen, or hacked? Do you have any idea what access all your cute apps have to the contents of your device?

nixosbestos 4 days ago

> Do you have any idea what access all your cute apps have to the contents of your device?

Yeah, I do. Do you? Because it's certainly not what you're implying.

hocuspocus 4 days ago

Both mobile OSes offer pretty strong app isolation and mitigation against malware, most people don't need to worry about Pegasus level of threats.

Google took forever before adding cloud-sync to their TOTP app even though pretty much all the other ones did it from day 1. And I bet a non-trivial amount of people got locked out of their accounts because they hadn't reliably stored recovery codes.

Financial services are actually the least of your worries since you can get ahold of customer service and eventually recover your credentials even if it takes a few days and some snail mail. However if you lose access to Gmail or Facebook, good luck unless you know an employee.

Flimm 5 days ago

I agree. I wonder if there is a good compromise between convenience and security, though. For example, before allowing Google Authenticator to sync for the first time on a new device, maybe notify the user on all devices and enforce a 72-hour delay, or wait until the user approves the new device using an old device (in a way that is hard for a scammer to pass off as legitimate).
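
One way to model the gate proposed in the comment above, as an added example that is not part of the thread or of any vendor's implementation. `SyncGate`, its method names and the device ids are hypothetical, and timestamps are plain seconds supplied by the caller.

```python
HOLD_SECONDS = 72 * 3600  # the 72-hour delay suggested in the comment


class SyncGate:
    """Hypothetical server-side gate for first-time sync to a new device."""

    def __init__(self, trusted_devices):
        self.trusted = set(trusted_devices)
        self.pending = {}   # new device id -> {"at": int, "state": str}
        self.outbox = []    # (device id, message) notifications sent

    def request_sync(self, device, now):
        if device not in self.trusted and device not in self.pending:
            # Start the clock once; repeated requests must not reset it.
            self.pending[device] = {"at": now, "state": "pending"}
            for old in sorted(self.trusted):
                self.outbox.append((old, f"new device {device} requested sync"))
        return self.status(device, now)

    def respond(self, device, from_device, approve):
        # Only an already-trusted device may answer, and a denial is final.
        req = self.pending.get(device)
        if from_device not in self.trusted or req is None or req["state"] == "denied":
            return False
        req["state"] = "approved" if approve else "denied"
        return True

    def status(self, device, now):
        if device in self.trusted:
            return "allowed"
        req = self.pending.get(device)
        if req is None:
            return "unknown"
        if req["state"] == "denied":
            return "denied"
        if req["state"] == "approved" or now - req["at"] >= HOLD_SECONDS:
            self.trusted.add(device)
            del self.pending[device]
            return "allowed"
        return "pending"
```

The delay path covers the lost-phone case from earlier in the thread: if no old device answers, the new one is admitted after 72 hours, while a denial from any old device blocks it regardless of elapsed time.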