re: How to Process Passwords as a Software Developer VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Why not use SMS?, see Note: Do not implement SMS for multi-factor authentication!
 

Because it's easy to do SIM swam scams, spoof phone numbers, etc. It's another personally-identifying bit of information that we shouldn't need for authentication.

As attacks become more efficient, we're moving to better solutions like YubiKeys and TOTP-based authenticator apps. Both of which are still fairly easy to use.

code of conduct - report abuse