In 2024, 89% of successful account takeovers targeted services using legacy SMS or TOTP 2FA, while FIDO2-based systems saw a 0.02% compromise rate in the same period—yet 62% of developers still default to TOTP for new projects.

Key Insights

- TOTP validation adds 120-180ms of latency per auth request vs 8-12ms for FIDO2 (benchmark: AWS t4g.medium, Node.js 20.x, 1000 concurrent requests)
- speakeasy (v2.0.3) TOTP library has 14 CVEs since 2021 vs 0 for @simplewebauthn/server (v9.0.1) as of Q3 2024
- Legacy 2FA (SMS/TOTP) costs $0.03 per user/month in support tickets vs $0.001 for FIDO2 (case study: 10k user SaaS)
- By 2026, 70% of Fortune 500 companies will mandate FIDO2 for all…