Ask HN: Why don't all websites allow sign-ins with temp code sent to mobile - kiranz
======
hardwaresofton
I agree with the other commenter that noted that SMS isn't secure, but
passwordless login is a growing trend, I think.

[https://auth0.com/docs/connections/passwordless/faq](https://auth0.com/docs/connections/passwordless/faq)

[https://www.okta.com/security-blog/2018/04/is-
passwordless-a...](https://www.okta.com/security-blog/2018/04/is-passwordless-
authentication-actually-secure/)

Granted those companies might be a bit biased (they both sell a passwordless
plug-and-play solution), but considering that the password reset flow does
have the same vulnerabilities I think they have a valid point, regardless of
bias.

------
oooooof
If you mean SMS, it’s not secure.

