SMS 2fa on banks is not as bad as you’d think.
- They settled on SMS before there really were choices, and banks are slow to change
- Banks long since realized SMS was inadequate and use additional security. I imagine all banks in US, but certainly the biggest ones, invested in profiling software that looks at your behavior and device to rate every transaction by additional risk factors. They’re already pretty confident nothing bad is going on
halcyoncmdr@lemmy.world 5 months ago
The worst part of those is when they do support 2FA, but it’s text-only. No app authentication or hardware key option.
Like it’s something, but it’s easily the least secure option, and probably the most expensive since it requires operating an additional SMS portal for those codes.