I'll always set up an authenticator app and put SMS just as a backup
13 points by omidfi 3187 days ago
I spent three days emailing and calling Amazon UK to be able to get into my account.

I have 2 phone numbers registered in the account, and none of them received the text messages that had the security code!

Amazon support was funny; it took me some time to see clearly that they were just sending me different message templates. It was a loop:

1. I sent them an email.
2. They asked me to call.
3. I called and they sent the security code to my phone, which I still didn't receive.
4. They asked me to send an email.
5. They replied with: please call us!

I'll always install an authenticator app instead of relying on text messages from now on.

5 comments

For the record, phone numbers and SMS are a security vulnerability. Current recommended best practice once a U2F token and authenticator app are set up is to remove the phone number from the account (which may not be an option for many services).

https://techsolidarity.org/resources/security_key_faq.htm

There are at least three reasons why you should avoid using text messages for two-factor authentication.

· Your phone number can be easily hijacked by someone who calls the phone company and pretends to be you.

· The text message can be viewed or redirected while en route to your phone.

· Many phones are configured to display text messages on the lock screen.

If text messages are the only way to add two-factor authentication to your account, they are better than nothing. But if you can use an alternative method, like an authenticator app or a security key, use that instead.

https://news.ycombinator.com/item?id=14106578

> tptacek: The real answer for "why not SMS" is "because both teenagers and intelligence services can get a phone number redirected; your phone number is not your phone."

1Password has a built-in authenticator app, and it works great. I highly recommend it instead of Google Authenticator.
Thanks for mentioning this! Had to look it up because it is hidden away in 1Password. Help[1].

[1] https://support.1password.com/one-time-passwords/

LastPass has an authenticator that can back up your keys too now.
Recently I faced the same issue with SMS for my Digital Ocean account. Fortunately I had my backup code to restore the account. Finally I moved to authenticator-based codes. By the way, Digital Ocean support is much better than Amazon's.
Just remember to copy the TOTPs to your new phone or use a password manager that stores them for you.
Are you using a virtual number? Some companies don't send texts to virtual numbers such as Google numbers.
No, it's a normal cellphone number.