by chrishas35 1473 days ago
> Apple’s implementation uses SMS as a backup.

I hope they'll go away from this, or at least give the option. I won't use their password/key storage until they do. 2FA is only as good as the weakest link, and SMS is the weakest possibility.

3 comments

I don't think they can get rid of it, as not everyone using Apple's services has a supported Apple device.

They don't offer a standard like TOTP, so SMS is the only option.

Is it possible to disable SMS at the carrier level?

2FA is as strong as the strongest link, not the weakest. You need both factors, not either factor.

In this case, it's just that one of the factors has a weak backup option.

Until the "try another way" option is a weaker form of 2FA, like SMS.