|
|
|
|
|
|
by ravenstine
850 days ago
|
|
|
Plus you have to consider the amount of support you inherit when using something less universal (and generally fool-proof) than SMS. "The one-time code won't work!" "The authenticator app doesn't work!" "The email takes forever to arrive!" "I never got the email!" Most of that sort of thing goes away with SMS. It's not that SMS never fails, but every mobile device takes it, it's relatively simple, and very reliable. An alternative approach may be more secure, but require more hand holding, and not every organization wants to do that. In a similar vein, it's not necessarily prudent to do everything that infosec experts espouse. For an analogy, businesses should consult lawyers, but if they follow every bit of advice from a zealous lawyer, they might never take necessary risks that allow the business to achieve excellence; as well, they may need to dedicate substantially more time and effort on compliance. |
|
|
I do agree with your statements.