
joshe | 2 years ago

The problem is that average SMS security is higher than email, but email CAN be much more secure. So for mass-market accounts SMS makes a good login confirmation and improves security.

But if you've bothered to have somewhat secure email it sure would be nice to use that instead, and not worry about the 50,000 retail and support staff at telcos who can grab your SMS account based on a convincing phone call.

So, please, I beg of you, login developers, offer email wherever you use SMS now.


kredd | 2 years ago

I understand it’s a naive statement, but in order to log in to your email you would end up relying on some other sort of 2FA. And we’re back to square one, relying on SMS, because the UX of other authentication flows has irrecoverable flaws.

hedora | 2 years ago

Exactly. You could use a trustworthy mail provider with a domain you own (registrar and DNS provider in two other accounts, probably), and then a second mail account for the 2FA for the other three accounts, but then what's the 2FA for the second email account?