Recent examples: Twitch and Firefox 🤦
Facebook not only sends the code to text without asking, but they love to just directly start the reset password procedure.
Now, that’s super weird. Are they assuming that, because last time I logged in was 6 months ago, I must have forgotten my password?
Steam not having 2FA generator feature:
I love mandatory SMS
My guess is that it’s the easiest and cheapest way to set up “MFA”.
The number of banks that don’t have proper MFA really bugs me.
> My guess is that it’s the easiest and cheapest way to set up “MFA”.
TOTP is cheaper.
SMS is actually expensive at scale. An example would be Signal, the messenger app that doesn’t use SMS. They have overhead for sending backup codes/new account creation/verification/etc. (https://www.wired.com/story/signal-operating-costs/): 6 million a year. API integrations for SMS messages/codes are still like 1-5 cents per message.
TOTP’s requirements? A reasonably accurate clock on the server, and storing the shared secret in a database.