The problem with moving away from SMS authentication is that not everyone in the world has a smartphone or is able to use something like a Yubikey. SMS is the lowest common denominator that allows most people in the world to use 2FA. If you require 2FA and don't allow SMS, you cut off access for a lot of people, including the poor and likely the elderly.
Merad|8 years ago
C4K3|8 years ago
In Denmark there's something called NemID [1], which is basically just a credit-card sized piece of plastic with a bunch of 6-digit one-time passwords on it. It's very accessible, maybe not as secure as U2F, but definitely more secure than SMS.
It ought to be possible for the tech community at large to come up with solutions like this that are better than SMS, but still accessible, just as the push-to-approve 2FA mentioned in the OP.
[1] https://en.wikipedia.org/wiki/NemID
fulafel|8 years ago
JeanMarcS|8 years ago
If official websites (tax, banks, etc.) start to use app 2FA, people with only a mobile phone will have to use, what, physical mail? Or will they have to go to buildings in person?
I agree that the more secure the better, but we mustn’t stop thinking of a big part of the population that cannot afford smartphones (or key or whatever). Same problem for non-technical persons.
Spivak|8 years ago
Alternatively there are a number of desktop based 2FA clients:
- Authy
- GAuth
- JAuth
- WinAuth
iak8god|8 years ago
matt_wulfeck|8 years ago