Comment by perryizgr8

5 years ago

Using SMS as a login verification thing is just so irritating. My bank asks me to enter an SMS OTP every time I log in to the website. I know my username and password! Let me into my bank account!

They're trying to do that to break 3rd party financial integrations. Not for your security but because they think they deserve to get paid for your data and these other people haven't paid up.

Credential stuffing is a widespread problem. I'm sure everyone on HN uses a password manager and different passwords for every service, but many people don't.

It makes a lot of sense for a high-value target like banking to require 2FA, but SMS is the worst way to do it.