- cross-posted to:
- appsec@infosec.pub
- security@programming.dev
- cross-posted to:
- appsec@infosec.pub
- security@programming.dev
You must log in or # to comment.
I’ve made the argument before and continue to stand by it. SMS as an MFA factor will always be a weak second factor. It’s not really “something you have”. It’s just a time limited second password. This is fine for low security applications. But, if you need higher security, go to smartcard, yubukey or something that must be physically present.