Y
Hacker News
new
|
ask
|
show
|
jobs
by
jxcl
2354 days ago
If you allow fallback to SMS instead of TOTP, your solution may be more secure than no 2FA, but it’s no more secure than SMS either.
1 comments
philnash
2354 days ago
But as I said towards the end of the previous comment, if you deem the threat to your users great enough that targeted SMS attacks are a problem, you can turn off that fallback.
link