Have you ever used two factor auth?

Absolutely! I use Google Authenticator for my important sites (Google, Microsoft, banking, domains (except GoDaddy, which they only use SMS), and my website.

Two-factor auth is something I recommend for anyone who has admin powers over a forum. For non-HTTPS sites, especially, since logging in to an unencrypted site via wifi is equivalent to shouting your password across a crowded coffeehouse and anyone who knows what they're doing can then log on as you unless you have 2FA enabled.

 

I mostly have a mix of Google authenticator and sms for my two factor. I even have it enabled on here.

The only time I find it annoying has nothing to do with the app and instead just having to switch between apps to get the code and input it.

 

I used two factor authentication on Blizzard. I find it irritating as hell but its nice to know that your accounts are protected.

 

2-factor auth that depends on a mobile app set up in advance, with no back-up options, has more than once locked me irrecoverably out of accounts when I've lost my phone, I hate authenticator apps SO MUCH. 2-factor auth that uses a code sent via email or text message (especially text) is convenient and secure, and I set it up on any site or app that has the option.

 

I have used 2FA for a lot of my accounts! Sometimes it can be quite annoying since I have a habit of browsing things in incognito mode, so it never keeps me logged in. I find the steam authenticator to be the most annoying since it's necessary to have the app instead of just having a text message sent.

 

I use 2FA/MFA a lot, both professional and personally. When done right, they can make life easier and safer.. when done poorly however... >.>

 

Absolutely, and not just one either since I don't like putting all my eggs in one basket. I have at the most, 3 eggs in one basket. Two factor auth is the smartest thing I can think to do.

 

UPDATE - so according to my IT manager, text-message 2FA is no longer considered fully secure, since text messages are sent unencrypted, and also SIM card spoofing is now relatively well-known technology among hackers. And, obviously, email can be hacked, so authenticator apps or dongles are the secure way to go. 2FA over email or text is still more secure than a password-only (and is still considered acceptable my our IT security guys), and using a password manager (LastPass has a free basic service) with random passwords for every site will also increase your account security a lot.

Print your recovery codes and file them with your passport/etc so you don't loose them! (lesson learned) And I still won't use 2FA apps if they don't provide recovery options at all or nothing other than 'send Blizzard/Facebook your legal ID' - thanks but no thanks, I don't trust you idiots. I'll eat the data loss. (Side note, showing ID to an employee of a private company in person one thing, giving them a *copy* is another, and I better have a better reason than 'I like being level 80', yeesh. I get that the first isn't an option for online companies, but there are other things you could ask for like exact match of billing history or something? I dunno.)

 

Google Auth is my main one and my favorite ;3

 

2FA is used on pretty much any account I have linked to money. Rarely is it actually needed though. Your best bet is a password manager and a unique password for everything, alongside a couple of burner emails. If your passwords are random, they can never leak and most of the time brute forcing reaches "heat death of the universe" timeframes pretty damn quickly

 

The number of 2FAs that have begun popping up is a blessing and a curse - I'm glad to keep information safe for my site (and myself) but hoooo boy can it be a pain if you lose the device/contact.

 

I use 2FAs whenever possible. They can be annoying but it's worth it.

 

I used to use it on Steam but, after an emergency phone number change, I am hesitant to do so again. I know they've added security benefits but... God, the headache when it goes sideways.