What about passkeys? If they are more secure as they say, why they do not spread fast?

The other part of that announcement was that "very few people are affected". So I don't see it as an issue for most of us. On the other hand, if you're in government (which they were targeting), or other valuable targets, then you may want to check into alternatives.

SMS 2fa was always insecure anyways because of SIM Swapping. SIM Swapping is when a malicious actor either impersonates you or pays off someone in the mobile carrier company, in order to get your SIM card deactivated and a new one sent to them with your phone number. That malicious actor can then receive your 2fa codes. I encourage you to avoid SMS 2fa whenever possible, and to use more secure alternatives like security keys, authenticator apps, and passkeys, with a set of backup codes or a recovery key as backup. If those aren't available, use email 2fa. SMS should only be used if it is the only option available, or if they do not allow you to activate other forms of 2fa without having SMS as an enabled method.

I generally don't recommend one (didn't need one for the longest time, and haven't done the research). That being said I run BitDefender on my Pixel 6.

If it's been removed, no.

Almost no bank supports hardware 2FA.

@@bme7491 move your account to a bank with better security.

@@bme7491 There is one. It is just a pain to install and remove. I know, because I've done both.

@@bme7491 Some do, most don't.

'This "long" password idea seems obsolete with password handlers that now lock you out after a few bad tries.' Whose handlers? Who locks you out?

Your comment makes no sense unless you refuse to use a password manager. By using a password manager you don't get bad tries.

@@NoEgg4u The bank, paypal, ebay, and most others that have the capability to lose money.

@@zetectic7968 How do I set the password manager to hack someone's account? HACKERS are who try many passwords to hack into someone's account. I would like cheese on my burger.

I do not know pretty much all my passwords. Frankly, in my discussions online and offline. Most users are just lazy. Pure and simple. The next thing you must ask yourself is simple. 'Do you really need to know your passwords?' The answer is, no you do not. I do not need to know my bank passwords. Nor most of my emails. My Netflix. Nor my Uber or Lyft. My router passwords; including my Admin. I have no idea what they are. So that makes me harder to hack. Not impossible. Just harder. Let me be blunt. The bad guys target the ignorant, lazy, weak, and careless. They also target people worth the effort. For example. If you do a search on Google right now. A lot of these 'Tourist Visa' organized crime rings. Are not targeting an 'Urban' environment. Why, common sense and demographics. When poorer people tend to have better physical security, more inclined to fight, and have less expensive stuff. Why would they rob them? On the other hand 'other' metrics dictate. That if someone lives in a house made of glass. Have attractive mates. And wear watches. Worth high five to six figures - Whom do you risk a hefty prison sentence for? The harder it is for a bad guy to brute force your hashes. The more 2F you have. The harder you are a target. Combined with the lower you are on social-economic and 'metric' dynamic. The less likely they are to target you. With any real effort.