They aren’t 100% reliable and it has its’ challenges based on its implementation but I wouldn’t consider it fundamentally insecure. It’s as secure as a NFC token, TOTP, or a push notification as a form of authentication. It’s like birth control, no method is 100% safe and effective, but plain username and password auth is like pulling out, anything is better than that.
They aren’t 100% reliable and it has its’ challenges based on its implementation but I wouldn’t consider it fundamentally insecure. It’s as secure as a NFC token, TOTP, or a push notification as a form of authentication. It’s like birth control, no method is 100% safe and effective, but plain username and password auth is like pulling out, anything is better than that.