[gridspy]

The GP is talking about SMS for 2fa. Much better to use an app like Google Authenticator or a secure token which doesn't rely on 3rd parties (mobile phone companies) being secure.

We all agree that 2fa is good, that is a moot point.

[adgjlsfhk1]

oh yeah, authenticator apps and hardware keys are way better than sms, but I worry a little about demonizing sms 2fa too much since plenty of (especially older) people don't have smart phones, and are never going to use a hardware key. since any 2fa is a huge step up, I think sms based 2fa is likely good to promote in tandem with the better methods. (that said, it drives me insane that most banks only offer sms based 2fa. that should be illegal)

[PowerBar]

Do NOT use Google Authenticator unless every account you use it for has an alternate MFA option (backup codes, etc) that you've confirmed work. It does not sync to your Google account and there is no way to back it up (even manually). The moment your phone gets stolen, breaks or dropped in a river, you will learn a very quick lesson about MFA backups/alternates.