DEV Community


Discussion on: Multi-Factor Authentication (MFA)

dwd profile image
Dave Cridland

I have never understood the argument that SMS-based 2FA is worse than no 2FA at all. TOTP isn't perfect either, and has different weaknesses (and is, in any case, not "real" 2FA since it's a shared secret). But I'll get what I can get.

radio_azureus profile image
Radio Azureus

THe only bad #MFA IMHO is a custom programmed system. 5 programmers can never see what hundreds can, so for example the system by steam is a bad one, since it only works with their app and uses just 4 tokens instead of 6. When you have accounts going in the 100+ that is just a hassle. WHen you lose access to the app, you are in lockout for days, before support can dislodge the account