Skip to content

11 Comments

If a nation state is really interested in getting into your Facebook account, I don’t think a code sent to your phone is going to keep them out.

Seemed like an OK idea until I got to the part about text messages. Believe it or not, everybody in the world does not have texting…..it is an option you know.

Contrary to the implication in the article, I’m not certain that text message is the only way to get the one-time code. I believe that I’ve seen the code pop up in the facebook application in my phone, and you have the option to print out a list of one-time-use codes that you can use without a smart phone.

Good point. I’ve got a landline phone and a desktop and *no* form of mobile communication (I’m retired and rarely away from home), and I feel the biggest failing of 2FA these days is its reliance on the assumption that everyone in the universe has access to SMS or equivalent texting.

It’s annoying to say the least that you can’t use an external authentication like Google’s Authentication app, and that you have to hand over credentials like a telephone number for “security”. Same with Twitter.
I trust the authenticator app a lot more than I trust receiving a text message, and don’t trust the companies enough not to abuse the fact they have my contact number.

Seems to me that if they can get your passwords and such they can also get your phone number and send you a login code that they have set up themselves.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?