
Beyond two-factor: How to use U2F to improve app security - kungfudoi
https://techbeacon.com/beyond-two-factor-how-use-u2f-improve-app-security
======
mtgx
One other vulnerability arises from how all companies currently implement U2F
right now: by setting SMS/app authenticators as mandatory "back-up". So your
U2F security will only be as good as that of the SMS/app authentication anyway
(until companies stop making this mandatory, at least, and instead require 2
U2F devices to act as back-up for each other - or just allow the user to use
one without any backup).

