I originally wrote this off my chest because i was so furious and angry about being forced to use the two Factor Authentification almost everywhere and provide them with your phone number but when i was done writing, i thought it would be interesting what ya'll think about it. Do you feel the same or you think it's a good thing?

But keep in mind, I'm not talking about 2FA as an option. This is only about being forced to do so.

Below is my initial Post if you're interested

Spoiler

Sorry this has nothing to do with anything related to this forum or the sister site but i just need to get this off my chest...

I've already lost so many accounts on so many different services just by losing the ability to log in into them even though i rarely forget my username or password. email accounts that i've had for decades and tied to a lot of other services. Just because they start this bullshit out of nowhere and you are being forced to use the two factor authentification or you just simply can't log into your own account anymore.

I mean I get, it's their sites and services, they make their own rules, but c'mon, you put your trust in them and suddenly you can't verify you're the owner of other accounts, because they are tied to that email adress.
I don't want to give my private phone number to every fucking company in this world and even if i did... the sim card i'm using is from my work. what if my employer decides to cancel the contract or fire me... then i'm fucked and i'm not gonna switch sim cards 5 times a day. well sometimes you can verify with another email adress... but well then i just can't log into my second email adress for the very same reason. I JUST DON'T WANT THAT FUCKING 2FA SHIT ON EVERYTHING!
It's ok if you make it optional but being forced to use it, i think its just not ok. if i lose it because someone really finds out my password, i'm fine with it, it's my own fault then, but give me the fucking choice.

i tried to log into my real-debrid account today. for whatever reason it tells me i need to verify i'm the owner because of my location... well i'm at home, the same home as when i made the account... on the same devices. i used a fake email adress to create that account, like i always do when it comes to download services, because of law in my country is very strict for pirating... well, but i still knew the login data for that email adress and now i can't verify because of the phone number. i think this is getting out of hand. It's really not funny and when you lose your phone number, this does you no favor. it will once again lock you out of your own account. And yeah, i almost never use my real name. maybe i'm a bit paranoid, but i just don't like to throw my personal data around everywhere.

I'd be very grateful if someone could recommend me some email providers that DON'T and WON'T EVER force you to using the 2FA. Give us the freedom of choice back.

 

Last edited: Jun 26, 2025 at 4:04 AM

Absolutely Optional.

The last thing I want is to pass my phone number around more than it's already being passed around now. I avoid it as best I can. I trust strong 22 character passwords for sites I care about. I do not trust/store sensitive personal items in cloud services.

I do use 2FA for Banking/Utilties/Various Payment Accounts.

I have Proton/Tutamail accts, and no Google/MS/Meta/Social Media accts = no forced 2FA

*Real-Debrid has never asked for 2FA in my 2 years of usage up to today. Try changing VPN locations, possible banned IP range may cause extra security checks.

 

Proton won't force you to use 2FA, they'll recommend but not force. I think? an email address is included in the free tier.

You can also use dummy SMS services, but the free ones are really only suitable for one time use as the numbers are public and not unique.

You can also try using a free VOIP number in place of your actual number. That may or may not be accepted depending on the service you're trying to sign up with. And what is available to you in the first place depends on where you live (unless also using and able to acquire the number while on a vpn server).

 

Anybody that actually forces me to use to use 2FA (short of something serious like banking) can eat shit right out of the darkest part of my ass.

 

thank you for your response. Great to see I ain’t the only one who thinks about this like that.

I can only agree with everything you say and I didn’t even think about online banking and anything involving money/crypto. But now that I think about it, that’s something I totally understand.

thanks for your advice, i think I’m gonna use proton for everything from now on. Sounds great, I didn’t know about it.

and about real-debrid. I know this might seem contrary to everything I said in the initial post, but tbh I didn’t even use a vpn for logging into real-debrid. This also has never happened to me before, it was for the first time today. I used the same network and the same devices as always. It happened to my phone, so I tried it on the notebook and it still asked me to verify. Then I tried to log into that email account, I especially created for real-debrid just to see it also wants me to verify a random number i just typed in cause I thought i would never ever need that account again. Well guess I’ll have to make a new account, this time with proton and never look back again.

thank you

thank you for your response and for recommending proton. That’s what I’ll use from now on. I really didn’t know about it.

i also tried dummy sms services in the past but most of the time they didn’t even accept the numbers as they might have been used by other users before. And it’s also a bit of a hit or miss situation, because if you mess up and choose the wrong service you might be in the same situation and lock yourself out.

do VOIP numbers also provide sms services? You see I have no idea about this, I really didn’t think about it much in the past because so far I was either able to avoid this 2FA stuff or I just moved on. But within the last couple of years it has become extremely hard to avoid it since almost every major service now forces you to do so. But I think proton is a very good recommendation that will serve me well in the future, at least for the email verification stuff.

I couldn’t even try to find better words. So I just second that!
Thank you

 

I don't know if every voip service does ( I dont see why not), but some of them certainly do. I have a google voice number I use for spam on anything I might need to revisit or for things I actually use but aren't my financial/medical/etc logins, which is handy cause that also ties into my spam gmail accounts that are solely used for.. well, spam and the like. Simplifies things to keep the fake creds under one house if that's an option for you.

Some services, while requiring F2A, will also let you choose the authentication method if you temper the boiling blood enough to first read the options
I again use google for that just to keep it simple, their authentication app tied to my phoney number and gmail accounts. Otherwise Proton services generally cover the rest of everyday credential, security, and data needs that most people would make use of.

 

Steam forces you (in a way). It's optional...but...you can't post in forums if steam guard is not enabled, which is 2F auth. You do get the option for email or phone, but still...

 

real-debrid asks for 2FA when you first start using it. After that you do not need to do it again. I did not have it long ago enough to say if that is a change. It may go like 30 days and then ask again, but it is very infrequent if at all.

If something wants to nag you to re-verify more often than that, it's annoying. It's not as secure as some claim it to be, unless it is to an external device like your phone. Often user behavior ends up making it less secure by leaving possibility of "lost credentials retrieval" results. When you add allowing your browser or password manager to generate very complex passwords, the most likely person to lose access to the account is you.

 

Most of the 'protection' features on the Internet are ways to collect data, force you to disable browser security features and so on.

 

Depends on the 2FA method for me. I have KeePass with a shared password database on all my devices. I enable TOTP 2FA if the site lets me - worth the 3 seconds of extra effort when logging in on a new device. Some sites also offer TOTP as an additional option for recovery in case you lose access to your mail account.

Mail 2FA and login links via mail are ass. "We sent a notification to your phone" is worse.

Text messages though - not happening. But the last time I needed a phone number was long ago - for Telegram.

 

As computer crime, with all its associated fraud and theft, increased dramatically, security naturally also increased dramatically. Some providers now require strong passwords (long ones with special characters and numbers). Windows 11 has also become somewhat more secure. The billions of dollars in losses caused by ransomware and other threats worldwide could no longer be stopped.