top | item 31647503

(no title)

> Apple’s implementation uses SMS as a backup.

I hope they'll go away from this, or at least give the option. I won't use their password/key storage until they do. 2FA is only as good as the weakest link, and SMS is the weakest possibility.

discuss

daveoc64|3 years ago

I don't think they can get rid of it, as not everyone using Apple's services has a supported Apple device.

They don't offer a standard like TOTP, so SMS is the only option.

r00fus|3 years ago

Is it possible to disable SMS at the carrier level?

bloppe|3 years ago

2FA is as strong as the strongest link, not the weakest. You need both factors, not either factor.

In this case, it's just that one of the factors has a weak backup option.

avh02|3 years ago

Until the "try another way" option is a weaker form of 2fa, like sms.