sms codes are not an acceptable replacement for two factor, you incompetent victorian administrators

@drsbaitso "good news! You can now use Google authenticator in addition to using SMS codes!"

SO LET ME TURN OFF SMS CODES YOU WEASEL

@kevinmirsky @drsbaitso God that pisses me off SO much when they force you to have SMS and always allow it as a fallback.

@drsbaitso The crazy thing I've heard is that banks (among the more notorious pushers of this) spend less money on dealing with this insecurity than the cost of support calls for people who don't understand 2FA apps etc.

I swear boomers ruin everything. Credit scores, SMS as 2FA, da erf, democracy, lol.

@drsbaitso@infosec.exchange And you do not IMPROVE security by forcing all account usernames to be the email address registered to the account. Now any attacker who knows your email address knows your username, and vice versa.

Looking directly at you here, Rocket Mortgage.

"If you entrust your security to amateurs, don't be surprised when you get amateur security." — Bruce Schneier

@kevinmirsky @drsbaitso Seriously, what's the deal with that? When some platforms I use first did this my first thought was, "oh they're just doing this temporarily until they migrate users." Years later, I'm wondering why they even bothered? Who was satisfied by this?