anything handling sensitive data (medical, legal, financial, etc) absolutely needs stringent and thorough processes for completely changing login information (i.e. email address).
Hardware-based 2fa would be nice, but it seems that these same organizations are among the only which DON’T have hardware-based 2fa and insist on texting codes, instead.
None of them actually take security seriously, even through all of them should be!
I agree, texted codes are not very secure and it honestly surprises me how common that quasi-2fa implementation still is. Granted, common thieves/scammers don’t typically go thru the hassle of emulating your number and generating a false sim card in order to intercept text messages meant for you. So, it’s still better than nothing, at least.
Hardware-based 2fa would be nice, but it seems that these same organizations are among the only which DON’T have hardware-based 2fa and insist on texting codes, instead.
None of them actually take security seriously, even through all of them should be!
I agree, texted codes are not very secure and it honestly surprises me how common that quasi-2fa implementation still is. Granted, common thieves/scammers don’t typically go thru the hassle of emulating your number and generating a false sim card in order to intercept text messages meant for you. So, it’s still better than nothing, at least.