Comment on MFA
KairuByte@lemmy.dbzer0.com 11 months agoSMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.
Comment on MFA
KairuByte@lemmy.dbzer0.com 11 months agoSMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.
Opisek@lemmy.world 11 months ago
What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?
KairuByte@lemmy.dbzer0.com 11 months ago
I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.
lorkano@lemmy.world 11 months ago
Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.