• @[email protected]
    81 year ago

    Of course it’s avoidable! Phone spoofing has been known to be a vulnerability for years, yet so many companies still insist on using SMS for 2FA “for security”. ffs, if you are concerned about security, use a proper TOTP or HOTP, or a hardware token.

    • Zagorath
      51 year ago

      Hear, hear! SMS 2FA is absolutely better than not having any 2FA, but it’s still pretty fucking bad. TOTP, or even better FIDO2, should be used as the default standard.