|
|
|
|
|
|
by procombo
1512 days ago
|
|
|
Authenticator apps, and SMS help them derive you have identity -- which is more secure for them and you. Hardware token via WebAuthn (etc) is only more secure for you. When they say "for the sake of security" they mean for them too. There's a reason they want you to verify using one of the first two methods first. |
|
|
How do they do that?
TOTP (i.e. authenticator apps) is a simple algorithm where the value is derived from a secret key and current time. It certainly doesn't verify anything about you.