from Hacker News

Why Hasn't Hacker News Implemented TOTP for 2FA Yet?

by mbix77 on 3/4/25, 7:53 AM with 4 comments

Hey HN,

Been thinking about account security and noticed that Hacker News still doesn't offer any form of 2FA (Two-Factor Authentication). Given the tech-savvy community here, it seems surprising that we don't have this extra layer of security.

TOTP (Time-based One-Time Password) would be a great option to start with, considering its balance of security and convenience.

So, I'm curious:

    * What's the hold-up with implementing 2FA, specifically TOTP? Any technical hurdles or other considerations?
    * How important is 2FA to the HN community?
Seems like a no-brainer to add 2FA and beef up our account security. Thoughts?

  • by freediver on 3/4/25, 8:07 AM

    Low stakes and friendly moderators you can email in case of trouble?

  • by almosthere on 3/4/25, 8:09 AM

    what is being "secured". Is there a hacker news bank I don't know about?

  • by anenefan on 3/4/25, 8:18 AM

    Any forum type site that needs one time passwords or 2FA is obviously too secretive an area for the like of myself to be posting.

  • by LinuxBender on 3/4/25, 12:17 PM

    I would honestly expect the HN crowd to be using long complex passwords. That's probably sufficient for this type of site. I guess only dang could say if HN has been having challenges with account take-overs. I never hear about it. I would not mind having the option to restrict my login to a CIDR block however. I am personally not a fan of adding third party authentication unless it is entirely self hosted and the code is reviewed by teams like NCC.

    For banks and some DNS registrars I use IP restrictions in addition to whatever 2FA usually SMS they support along with challenge questions. Additionally for banks I make most of my accounts read-only from the internet. IP restrictions are a feature their support team dislike as many people think they have a static IP when they do not.