I don’t hate totp, I just recognize the faults in it.
Same, I wish I could use security keys everywhere. I have an older YubiKey (version 4?), and it doesn’t get used because only like 2 services I use support it, and those support TOTP. I would switch all of my banks today if I could.
So I stick with TOTP because it’s “good enough” and works everywhere. If I had more than a small handful of services that worked with my YubiKey, I’d absolutely bring it with me everywhere.
hate the trend of companies requiring an app for 2FA…
Yeah, it totally sucks. I have decided to just not install apps if I can get away with it, which is nice because tons of them don’t even work with how my phone is set up (GrapheneOS, no Play services). So I’m going to be a thorn in their side as long as I can. They should just support TOTP since it’s already ubiquitous, and ideally also support security keys.
Exactly. Just like any other kind of proselytizing, it’s better to just live by example and answer questions as they come. For example:
People aren’t going to change their behavior because you’re pushing something on them, they’ll change their behavior if they see something they want more than what they have. I think more people should self-host, but I don’t get anything from others switching, nor do I have much control over them deciding to switch.