by smeyer 2898 days ago
Can you expand on your preference for SMS password resets to email password resets? As a user I prefer email, but I'm biased by the fact that I used email for a decade before I had SMS and I've had a malicious actor gain control of my phone number and receive SMS on it but never had the same with email.
2 comments

Sure, it's basically just down to those problems with email deliverability. As you correctly point out, SMS isn't a perfectly secure solution either; however, I almost always receive an SMS for authentication within a few seconds to a minute, and only in a few cases have never received the message at all.

If text messages were abused to the degree that email is, and all kinds of different things were developed to try to "solve" that abuse (as has happened with email), then deliverability would suffer and it would be a coin toss for which approach to use.

Would you please elaborate on how someone took over your phone & SMS? This is my nightmare.