|
|
|
|
|
|
by tialaramex
2431 days ago
|
|
|
If it's 2FA and not an account recovery short cut it doesn't deserve a cross mark because it's not _worse_ than nothing - nobody is finding it _easier_ to get in by hijacking your phone number as an extra step. If your argument is that phone based 2FA is no good because it's vulnerable that'd count for TOTP as well, which is vulnerable to live phishing attacks that are now relatively widespread. In both cases they're a lot better than nothing. |
|
|