- fucking annoying
- can’t believe they sold people that it’s BETTER to have to get your phone out to login
- incredibly annoying
- if you’re using this willfully you’re clearly just as worried about security as before anyway
- companies love having real phone numbers to pair with ‘their’ data
There actually are lots of things it’s been used for in addition to stealing 2FA codes. SMS based 2FA is better than no 2FA at all, but it’s insecure and not recommended to be used when dedicated authenticators are available instead. The NIST has warned against their use since 2016.
you seem to be limiting it to sms. you do realize your talking to a person who mentioned microsofts option to call you and you hit pound. They actually have an app where you input a two digit number and if anything I would have liked them to expand the phone call function with that. Anyway I was not speaking about sms but I still feel the vulnerabilities are overblown when used with a good password.
deleted by creator
That’s semantics, the same insecurities apply to all telephone based methods. I personally wouldn’t want my phone company’s customer service to play any role in my online security. Even Microsoft wants people to stop using them.