Developers, consider not sharing the name of your app in your SMS 2FA text messages. This may allow people / aggregators (govt. or other) in the middle to glean information about your users.
Instead, consider displaying a unique string in the app itself, then share that via the text message to pair in addition to the TOTP code.
This may help whistleblowers & everyday people to avoid divulging additional attack surfaces.
@renatoram Using a non-Google based authenticator app is a good choice, but it does add complexity for the non-technical people. The risk of lock-out is higher too.
SMS 2FA is not perfect, but is more secure than not having a 2nd factor.
Some sites don't even give the option of SMS or authenticator apps. So our hope is to try and convince developers to refactor their messaging in the SMS itself.
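The suggestion in the first post (show a unique string in the app and repeat it in the text message instead of the app's name) could look like this on the server side. This is an added example, not code from the posts; the function names, message wording, 6-character pairing string and 5-minute lifetime are all assumptions.

```python
import hmac
import secrets
import time

# Unambiguous alphabet (no 0/O, 1/I) so users can compare strings by eye.
PAIRING_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
CHALLENGE_TTL_SECONDS = 300  # assumed lifetime of one login challenge


def new_challenge(now=None):
    """Create a per-login challenge: pairing string for the app, one-time code for SMS."""
    now = time.time() if now is None else now
    return {
        "pairing": "".join(secrets.choice(PAIRING_ALPHABET) for _ in range(6)),
        "code": f"{secrets.randbelow(10**6):06d}",
        "expires": now + CHALLENGE_TTL_SECONDS,
        "used": False,
    }


def sms_body(challenge):
    """SMS text: no app, company or domain name, only the pairing string and code."""
    return f"Ref {challenge['pairing']}: your code is {challenge['code']}"


def app_prompt(challenge):
    """Shown inside the app so the user can match the SMS to this login attempt."""
    return f"Enter the code from the text message marked {challenge['pairing']}"


def verify(challenge, submitted_code, now=None):
    """Accept the code once, before expiry, using a constant-time comparison."""
    now = time.time() if now is None else now
    if challenge["used"] or now > challenge["expires"]:
        return False
    # Encode to bytes so non-ASCII user input is rejected instead of raising.
    if not hmac.compare_digest(challenge["code"].encode(), submitted_code.encode()):
        return False
    challenge["used"] = True
    return True
```

Someone who only sees the SMS learns that a login code was sent, but not which service sent it; the user still recognises the message because the same string is on their screen.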