I say worse than nothing because it creates a false sense of security. Much like the TSA.
TOTP (time based one time passwords, where you have an app or physical token) are so much better and should be the bare minimum. Security keys being what people should aspire to, yubikey or other reputable vendor.
I’m on the fence with “passkeys” since they’re often vendor locked to your cell manufacturer which bothers me. I have some in my bitwarden, but find I have issues on my android for instance.
This is worse than nothing.
SMS/cellular based communications are a solved problem from a hacking perspective. https://youtube.com/watch?v=wVyu7NB7W6Y
I say worse than nothing because it creates a false sense of security. Much like the TSA.
TOTP (time based one time passwords, where you have an app or physical token) are so much better and should be the bare minimum. Security keys being what people should aspire to, yubikey or other reputable vendor.
I’m on the fence with “passkeys” since they’re often vendor locked to your cell manufacturer which bothers me. I have some in my bitwarden, but find I have issues on my android for instance.