by Terretta
850 days ago
I agree with you, SMS as implemented almost everywhere* is bad, adding an account takeover path (the reset by SMS) with insufficient value-add to offset that 100% guaranteed (see research I linked elsewhere in thread) path to account takeover.

And as to "You're not seriously saying that adding a second factor is reducing security?" -- yes I am, when it's not a second factor, it's implemented as an "only factor".

To that point, btw, I'd linked to your other reply about resets from a couple of mine: https://news.ycombinator.com/item?id=39467039

* Note: And by "as implemented almost everywhere", I mean so indistinguishable from everywhere that that effectively boils down to "SMS is bad", much easier for users and builders to understand, when better options are available.