Comment on MFA
KairuByte@lemmy.dbzer0.com 2 months agoSMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.
Comment on MFA
KairuByte@lemmy.dbzer0.com 2 months agoSMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.
Opisek@lemmy.world 2 months ago
What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?
KairuByte@lemmy.dbzer0.com 2 months ago
I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.
lorkano@lemmy.world 2 months ago
Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.