• @[email protected]
    link
    fedilink
    English
    898 months ago

    SMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.

    • @[email protected]
      link
      fedilink
      English
      508 months ago

      What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?

      • @[email protected]
        link
        fedilink
        English
        108 months ago

        I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.

      • @[email protected]
        link
        fedilink
        English
        88 months ago

        Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.