HACKER Q&A
📣 jdthedisciple

Passkeys vs. Passwords


I don't understand the hype about passkeys.

People want to start enforcing them everywhere.

Basically out of a notion of having to "save" the ordinary people who don't come up with good passwords.

But if we have to enforce something, then why not simply enforce really strong passwords?

Furthermore:

I don't like 2FA, in fact I hate it. I don't want access to my stuff to be contingent on availability of something physical like my phone.

I can lose my phone. It can break. It can die and I forgot my charger. My charger might break. I can be lacking internet access, the signal may be terrible. It can get stolen. Etc. etc.

Anxiety nonstop!

Plus I hate the sheer hostility of forcing me into this process every time I log into something I barely care about security-wise.

It simply doesn't get more comfortable than a simple password - bam, you're in. Wherever you are.

And security is not a real worry with strong passwords.

Stupid people are stupid people. They will always exist, and you can't save everyone from everything.

This notion that every system needs to cater to the bottom 1% of people without consideration for the 99% just seems ridiculous to me.

So I'm pretty sure 2FA causes permanent data loss to at least about the same percentage of people as weak passwords do, if not more.

Though I'd really like to see statistics on this.

Anyway I'm curious about HN's thoughts against my arguments.

I can't make sense of this hype.


  👤 justinludwig Accepted Answer ✓
Passkeys are better than really strong passwords: Passkeys' killer feature is that they are phishing-resistant. Phishing isn't just for "stupid people" -- even people who are quite careful with their security hygiene are susceptible to being phished in the right situation.

I empathize with your anxiety about losing a physical security device. I feel the same anxiety about losing access to my password manager. What helps me manage my anxiety is having a solid backup framework. The same applies to physical security devices -- having additional backup passkey devices helps make me feel more comfortable that I'm not going to lock myself out of anything important.
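
How the phishing resistance mentioned in the answer above works, as an added example that is not part of the original thread: a simplified model of a WebAuthn login in which the browser writes the page's real origin into the signed data and each credential is scoped to one relying-party ID. The names `bank.example` and `bank-example.login.test` are constructed, the data layout is reduced to the fields that matter here, and an HMAC stands in for the authenticator's public-key signature so the block runs on the standard library alone.

```python
import hashlib, hmac, json, os
RP_ID, ORIGIN = "bank.example", "https://bank.example"   # constructed names
PHISH = "https://bank-example.login.test"                # constructed look-alike

def sha256(b):
    return hashlib.sha256(b).digest()

def sign(key, auth_data, client_data):   # HMAC stands in for a public-key signature
    return hmac.new(key, auth_data + sha256(client_data), hashlib.sha256).digest()

class Authenticator:
    def __init__(self):
        self.keys = {}                       # one credential key per RP ID
    def register(self, rp_id):
        self.keys[rp_id] = os.urandom(32)
        return self.keys[rp_id]              # the RP stores this as its verification key
    def get_assertion(self, rp_id, client_data):
        if rp_id not in self.keys:
            return None                      # no credential scoped to this RP ID
        auth_data = sha256(rp_id.encode())   # real authenticatorData starts with rpIdHash
        return client_data, auth_data, sign(self.keys[rp_id], auth_data, client_data)

def browser_get(authn, page_origin, rp_id, challenge):
    host = page_origin.split("://", 1)[1]
    if host != rp_id and not host.endswith("." + rp_id):
        return None                          # browser rejects an RP ID foreign to the page
    client_data = json.dumps({"type": "webauthn.get", "origin": page_origin,
                              "challenge": challenge.hex()}).encode()
    return authn.get_assertion(rp_id, client_data)

def rp_verify(key, challenge, assertion):
    if assertion is None:
        return False
    client_data, auth_data, sig = assertion
    cd = json.loads(client_data)
    return (cd["type"] == "webauthn.get" and cd["origin"] == ORIGIN
            and cd["challenge"] == challenge.hex() and auth_data == sha256(RP_ID.encode())
            and hmac.compare_digest(sig, sign(key, auth_data, client_data)))

def demo():
    authn = Authenticator()
    key = authn.register(RP_ID)
    c1, c2 = os.urandom(16), os.urandom(16)  # fresh server challenges
    good = browser_get(authn, ORIGIN, RP_ID, c1)
    return {
        "legit": rp_verify(key, c1, good),
        "phish_claims_bank_rp_id": rp_verify(key, c2, browser_get(authn, PHISH, RP_ID, c2)),
        "phish_uses_own_rp_id": rp_verify(key, c2, browser_get(authn, PHISH, "login.test", c2)),
        "replay_old_assertion": rp_verify(key, c2, good),
    }
```

Calling `demo()` returns one result per scenario; only the login made on the real origin verifies. A password has no such binding: whatever the user types into the look-alike page is exactly what the real site accepts.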