undefined | Better HN

0 pointsNegitivefrags1y ago0 comments

It’s worse in a lot of implementations because often SMS is often used as part of a recovery flow in cases where you lose the first factor.

I find it more secure in some contexts to never give a company my phone number at all if possible, so that it simply can’t be used as any kind of authentication no matter what.

0 comments

smeej1y ago

Yeah, I'd draw a hard line between "SMS 2FA is better than no 2FA" and "SMS should never become a single-factor recovery method."

I agree SMS should never be an option for single-factor recovery.

j / k navigate · click thread line to collapse

0 comments

smeej1y ago

Yeah, I'd draw a hard line between "SMS 2FA is better than no 2FA" and "SMS should never become a single-factor recovery method."

I agree SMS should never be an option for single-factor recovery.

j / k navigate · click thread line to collapse