This should be far more secure and privacy friendly than a Sim card of a cellular connection. Why isn’t this done more often? What are the Pros and Cons. I bet the price is similar as well.

  • JustEnoughDucks@feddit.nl
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    2 months ago

    That is a completely separate issue from the above commenter.

    You absolutely cannot get 2FA authenticator codes from 90% of services

    A shockingly large amount of companies demand phone numbers and send verification texts before allowing you to do business with them, to create an account, to recover an account, to delete an account, to place an order, etc.

    They really shouldn’t, it’s a bad security practice but companies love it because with a phone number they can lower support costs by just allowing people to do a self-service where they get an automated text and can unlock their locked account.

    Also an issue, but indeed a separate issue from using unsecure SMS as TOTP.

    • delirious_owl
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      I don’t follow. Banks are required to use insecure SMS for OTPs by PSD2