Well if that's the case they could still offer true MFA. Make at least SMS 2FA m... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		KingMachiavelli on Jan 10, 2020 \| parent \| context \| favorite \| on: SMS is not 2FA-secure Well if that's the case they could still offer true MFA. Make at least SMS 2FA mandatory but offer OTP/token based MFA. Obviously banks are a place with a lot of low-value targets and a few very high-value targets, but the cost to implement MFA is the same so they might as well do it.

jeltz on Jan 10, 2020 [–]

Yeah, the by far biggest cost of 2FA is the recovery process which you need anyway, not actual 2FA implementation.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact