Technically code via SMS is 2FA, it is proving one has access to that cell/mobile phone account either directly or indirectly. I would say it is a terrible authentication system but it is a different factor to something you are (biometrics) or something you know (password/passphrase). However cell/mobile phone accounts are really easily to social engineering access to via the phone companies to send replacement SIM cards for that IMSI, not to mention the encryption to/from the phone has known major flaws (especially pre 3G GSM standards). Far better to use TOTP, HOTP or U2F which are actually designed for authentication purposes rather than have the phone company attempt to do it for you.
No comments yet.