undefined | Better HN

0 pointsjxcl6y ago0 comments

If you allow fallback to SMS instead of TOTP, your solution may be more secure than no 2FA, but it’s no more secure than SMS either.

0 comments

philnash6y ago

But as I said towards the end of the previous comment, if you deem the threat to your users great enough that targeted SMS attacks are a problem, you can turn off that fallback.

j / k navigate · click thread line to collapse

0 comments

philnash6y ago

But as I said towards the end of the previous comment, if you deem the threat to your users great enough that targeted SMS attacks are a problem, you can turn off that fallback.

j / k navigate · click thread line to collapse