• KairuByte@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    91
    arrow-down
    1
    ·
    9 months ago

    SMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.

    • Opisek@lemmy.world
      link
      fedilink
      English
      arrow-up
      50
      ·
      9 months ago

      What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        10
        ·
        9 months ago

        I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.

      • lorkano@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        9 months ago

        Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.