How convenient, this SCA (en.wikipedia.org/wiki/Strong_c). It's a perfect way to extort mobile phone numbers from customers.

And that's why FreeOTP or Fido keys as providers of the additional factor will not get any significant traction beyond corporate use, regardless that SMS is insecure (for example subject to passive monitoring, MitM, or SIM swapping social engineering)

Follow

And on top of that, Paypal already harvested my phone numbers from vendors who made it compulsory in their order forms.

· · Web · 1 · 0 · 0

Funny enough, they do offer 2FA by Google Authenticator, though their mailings kept pestering me to add my phone number.

Show thread
Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!