Hardcover will be adding 2FA - it's just a question of whether they do it proactively before bad stuff happens or reactively after people start getting their accounts hacked.

It's truly bonkers that even basic 2FA isn't already in place. There are a number of widely-supported, robust libraries for Node.js and Auth.js both.

I love where Hardcover is going, but they need to take security more seriously.

Another user against SMS.

Can’t agree more with what the other commenters said! 🙌 Please avoid SMS at all cost. 🙏

Would love Passkey support as well. Makes it more secure and logging in even simpler. See the Passkey directory for a list of websites that already support them.

As a security conscious person I would love support for MFA using TOTP or hardware security keys. SMS is fundamentally insecure as of 2024 and should NOT be offered as an option.

Definitely don't require SMS. It's fine for non-technical people who don't want to bother with TOTP or passkeys, but it should absolutely be toggleable because it degrades the security of TOTP and passkeys.

https://www.issms2fasecure.com/

if doing so please add TOTP or just support passkeys I'm all in