I’ve been going through updating all of my accounts (passwords, 2FA, etc.), and I’ve noticed that there are a lot of sites that don’t offer any form of MFA.

I can understand smaller services that might not have the bandwidth, but surely larger organisations are able to get this setup?

  • AA5B@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    6 months ago

    SMS 2fa on banks is not as bad as you’d think.

    1. They settled on SMS before there really were choices, and banks are slow to change
    2. Banks long since realized SMS was inadequate and use additional security. I imagine all banks in US, but certainly the biggest ones, invested in profiling software that looks at your behavior and device to rate every transaction by additional risk factors. They’re already pretty confident nothing bad is going on