Two-factor authentication is underimplemented and underused - how many Mastodon folks here have enabled it in their account? It's a great defense against spyware.
As someone technically inclined, I use it, but regardless of which factor I'm using (andOTP, Google Authenticator, SMS), I'm always uneasy about backup codes. They seem so easy to ignore or lose, and storing them digitally can undo any second-factor security added.
Possibly my worst experience has been with my credit union. To even get two-factor authentication I needed to call them and ask for them to enable support for it on my account, then set it up while on the phone.
They don't have backup codes either, but since I can call them I'm not too concerned about this as much as I would be with PayPal.
After setting it all up, I found the second factor is only used in special circumstances such as changing my password or sending money to new recipients.