from Hacker News

2FA SMS is not obsolete because neither is a combination lock

by nethsix on 8/14/17, 3:17 PM with 3 comments

  • by jodrellblank on 8/14/17, 3:27 PM

    SMS are more likely to be read by the user compared to app notifications

    is nothing safe from effing marketers? Not even authentication frontends in a security discussion are free from abusing it as a sticky communication channel.

    It won't be more likely to be read than app notifications when it's as abused as app notifications, and we'll all be worse off for it.

  • by borplk on 8/14/17, 6:34 PM

    > SMS-based 2FA also offers a unique proposition – it enables the web service to verify the user, as well as acquire a sticky and unique user identity (phone number) in a single swoop. This gives the web service a reliable channel to get the user’s attention.

    No, just no.