Hacker News new | ask | show | jobs
by zulln 2355 days ago
If it is enough with access to the phone number, no password needed, then it is no longer 2FA.
1 comments
Thorrez 2355 days ago
Sure, but 17 websites do this. For those websites you introduce significant weaknesses if you enable SMS 2FA.

https://www.issms2fasecure.com/

link