3 comments

[ 3.2 ms ] story [ 16.6 ms ] thread
While SMS has been known to be the worst of all the 2FA methods, something is better than nothing.

Some people will not have hardware keys (passkeys). Or will not have the app. Deprioritizing the SMS factor and labeling it as a less secure method to the user would be best imo.

(comment deleted)
They don’t mention email 2fa in the page. Is that considered insecure now? Would be really nice for people like me who don’t install the app because i don’t want every link to GH to open there.