Replying to Avatar Big Barry Bitcoin

Yes. And yet my bank is adamant in using it and not offering real 2FA.

But to play devils advocate, this is why it is a second factor.

Your password should be strong. If by some miracle, that fails, then your SMS might be your second line of defense.

If just your SMS is compromised, your password is your second line of defense.

The problem is that for most people, passwords are not a very good line of defense. For those same people, 2FA doesn't help, it's just annoying. SMS gives just enough security theatre and resistance that it can:

1. Convince people to accept it

2. Stop enough attacks to reduce business costs and reduce the cost of insurance.

Oh and all this security isn't for you and I, it is PURELY a business decision. All about margins, fees, profits and costs. We know what real user focused security is, it means stepping back and saying "I don't own this".
Avatar
Colter Reed 2mo ago

If your SMS is compromised, they can usually reset your password trivially.

Reply to this note

Please Login to reply.

Discussion

No replies yet.