Comment on MFA
KairuByte@lemmy.dbzer0.com 7 months agoWhy?
Totp is easier, cheaper, and more secure. It makes no sense to go with SMS.
Comment on MFA
KairuByte@lemmy.dbzer0.com 7 months agoWhy?
Totp is easier, cheaper, and more secure. It makes no sense to go with SMS.
possiblylinux127@lemmy.zip 7 months ago
For one that requires more training and support. However I think the biggest reason is that it is predictable
KairuByte@lemmy.dbzer0.com 7 months ago
Poorly secured keys usually still require device access, unless they are secured so poorly that the individual would be compromised in one of many other ways regardless.
Stealing a phone number requires, at most, paying off an employee at a telco company. At best it just requires a call and some social engineering. And don’t forget, people who leave their phone laying around without a passcode exist.
Now, neither of these are really options for a dragnet approach, they’d need to be targeted. But the fact that one can be done fully remote should be a red flag.