Please, please don't use SMS for authentication. Ever. Use authenticator apps (good) or 2FA hardware keys (best). 9to5mac.com/2020/01/13/sim…

@codinghorror Best best: purple 2FA keys

@codinghorror Has anyone compiled a list of any banks that do support something other than SMS?

@codinghorror We need all of the banks and financial companies to get this message

@codinghorror Which 2fa method do you use? Actually curious. Not trying to hack you.

@codinghorror I'm showing my ignorance here but my problem with app based 2fa is when I have to restore my phone unexpectedly. The process of restoring the apps has been painful. Is there one that isn't?

@codinghorror Hi Jeff. Thanks for this important warning. I never use SMS #2FA if I am not forced to do so. Not using #2FA at all is also bad. There would be a simple solution to this attack vector. The #Carriers just need to do their fucki.g job! 😡 If you read the article, you gonna puke. 🤮

@codinghorror @Fidelity only offers SMS as well. I would much prefer to use an authenticator

@codinghorror Out of interest where does 2FA via a code to email sit on this bad to good to better spectrum?

@codinghorror Completely agree with the sentiment but how do we make authenticator apps less intimidating for majority of users?

@codinghorror tru.id solves this problem! 🔒

@codinghorror That article was about pre-paid cards in the U.S. Is there a difference between pre-paid and subscriptions? What about other countries?

@codinghorror cc @RudderStack

@codinghorror Apps are probably best option for most people, as hardware keys are not really practical for day to day use and for all use cases you can use App for

@codinghorror I agree but it’s annoying that apps are only good at auto-filling 2FA codes if received by SMS 😩. At least of iPhone. Any other way requires me to: change app, get the code, copy, return to original app, paste. It’s just a few seconds but feels I credibly cumbersome.

@codinghorror Ensure the first FA is 💪 But then you got some sites that allow you to pw reset just via sms! 🤷‍♂️ I think we need more FAs… 3FA 4FA 😇 Some websites detect unusual behavior 👍

@codinghorror Systems that used to use apps are moving to SMS because more people will use it.