|
|
|
|
|
|
by philnash
2348 days ago
|
|
|
I shy away from any rules that say you can’t mess something up simply by avoiding one thing, especially in this sort of case. Consider also that avoiding 2FA by SMS may avoid sim swap or recycle attacks, but it could also eliminate 2FA for users who don’t have a device capable of running an authenticator application (a feature phone). There’s a lot more at play here, and “just don’t” isn’t a nuanced enough answer to 2FA by SMS. |
|
|