Marcus Hutchins :verified:Hot take: Google Authenticator is garbage. Yes, sim swapping is a thing, but it's typically used against high value targets (it also requires additional info such as the target's mobile number). For the average user they're more likely to lose their phone and 2FA codes along with it than get sim swapped. You might think Google Authenticator codes get backed up, but the way in which they don't is so complex I'm not even sure I fully understand it. SMS also has the added benefit of context. You can prefix messages with things like "we will never ask for this code over the phone" or "this message is being sent in response to a password reset attempt" which can provide users with valuable security awareness. Even the simple existence of the message is sometimes enough to tip someone of that their account is under attack. All of these problems are solve in other kinds of 2FA apps, but Google Authenticator specifically is just awful even for fairly technical users, and I don't think we pay enough attention to that.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.