Yeah, anything handling sensitive data (medical, legal, financial, etc) absolutely needs stringent and thorough processes for completely changing login information (i.e. email address). But random superfluous websites I use for entertainment or socializing? Get outta here.
anything handling sensitive data (medical, legal, financial, etc) absolutely needs stringent and thorough processes for completely changing login information (i.e. email address).
Hardware-based 2fa would be nice, but it seems that these same organizations are among the only which DON’T have hardware-based 2fa and insist on texting codes, instead.
None of them actually take security seriously, even through all of them should be!
I agree, texted codes are not very secure and it honestly surprises me how common that quasi-2fa implementation still is. Granted, common thieves/scammers don’t typically go thru the hassle of emulating your number and generating a false sim card in order to intercept text messages meant for you. So, it’s still better than nothing, at least.
Yeah, anything handling sensitive data (medical, legal, financial, etc) absolutely needs stringent and thorough processes for completely changing login information (i.e. email address). But random superfluous websites I use for entertainment or socializing? Get outta here.
Hardware-based 2fa would be nice, but it seems that these same organizations are among the only which DON’T have hardware-based 2fa and insist on texting codes, instead.
None of them actually take security seriously, even through all of them should be!
I agree, texted codes are not very secure and it honestly surprises me how common that quasi-2fa implementation still is. Granted, common thieves/scammers don’t typically go thru the hassle of emulating your number and generating a false sim card in order to intercept text messages meant for you. So, it’s still better than nothing, at least.