2FA isn’t the issue. The issue is single factor logins with only text messages, no password and often no username. Those messages allow anyone who intercepts them to login, no username or password is involved at all.
2FA via SMS is a perfectly fine solution, though there are more secure options like yubikeys or TOTP generation apps.
artyom@piefed.social 4 days ago
This is a crazy problem. Even Apple requires you to use SMS 2FA, and does not let you opt out or use any alternatives.
My employer uses this as well and I was locked out (couldn’t do any work) for an entire day because their SMS messages were not being delivered.
irotsoma@piefed.blahaj.zone 3 days ago
2FA isn’t the issue. The issue is single factor logins with only text messages, no password and often no username. Those messages allow anyone who intercepts them to login, no username or password is involved at all.
2FA via SMS is a perfectly fine solution, though there are more secure options like yubikeys or TOTP generation apps.
artyom@piefed.social 3 days ago
Completely disagree