by djjaxe 4445 days ago
> This sounds less convenient, harder to implement, and no more secure than OpenID

In what way is it less convenient? A standard user has their phone with them... 24/7? At least in the SMS realm it's more convenient than trying to come up with a password that has: a capital letter, a number, a special character, a lower case letter. Also way more secure: a user gets sent a message with a one-time code looking like 037.820.374.839; in the time it would take to guess that, the one-time code would have timed out and the hacker would have been no closer to getting in, compared to a static password.
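The scheme the comment above describes (a random 12-digit code that times out), as an added example that is not part of the thread. The 300-second lifetime, the five-guess cap and all names are assumptions; the comment gives no figures.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 12     # same length as the 037.820.374.839 example
TTL_SECONDS = 300    # assumed timeout
MAX_ATTEMPTS = 5     # assumed cap on wrong guesses per issued code


def format_code(digits):
    """Group digits in threes with dots, e.g. 037.820.374.839."""
    return ".".join(digits[i:i + 3] for i in range(0, len(digits), 3))


def _digest(code):
    # Keep only a hash of the normalised code server-side, never the code.
    normalised = "".join(ch for ch in code if ch in "0123456789")
    return hashlib.sha256(normalised.encode()).digest()


class OneTimeCodes:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [digest, expires_at, attempts_left]

    def issue(self, user):
        """Create a fresh code for user, replacing any earlier one."""
        digits = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[user] = [_digest(digits),
                               self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        return format_code(digits)  # the string the SMS would carry

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[user]  # timed out, or guessed too often
            return False
        if hmac.compare_digest(digest, _digest(submitted)):
            del self._pending[user]  # single use: a replayed code fails
            return True
        entry[2] = attempts_left - 1
        return False
```

Without the attempt cap, the timeout alone bounds guessing only by how many requests the server accepts within the window.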

Not everyone has smart phones.

Not everyone that has smart phones keeps it on them all the time.

Not everyone that has smart phones that keeps it on them all the time has a working (charged) phone all of that time.

> Not everyone has smart phones.

> Not everyone that has smart phones keeps it on them all the time.

> Not everyone that has smart phones that keeps it on them all the time has a working (charged) phone all of that time.

What do smart phones have to do with SMS?

Disregard that adjective :-p I'm an idiot :(

Not an idiot :) You make a good point that people don't have their phones on them & alive all the time, which is where TOTP can come in with dongle TOTPs (like http://www.securemetric.com/secureotp-time.php). Agreed, it costs you a fair amount, but if you want secure when you don't have your phone... it's worth it. And then maybe, like Google, have a few longer random passwords that are to use when you don't have your phone or a TOTP/OTP generator.