
Ask HN: Phone number as a second authentication factor - diminish
Most internet banking apps, send you an SMS or allow you to enter a password to access full banking features. Someone who has access to your phone, already has access to your SMS and password generator app.<p>Historically, your phone was a 2nd factor, but not anymore. Why do app developers ignore this basic thing?
======
allwein
I feel like you're glossing over several factors. In your scenario:

1: Person must have physical access and control of your phone.

2: Person must have Phone pin-code or password, in order to unlock phone and
access either SMS, banking app, or password app. Or somehow brute force
password or decrypt phone contents.

3: Person must have either password for banking app or password to Password
App to gain banking password.

If you're not using passwords (and different ones at that) for your phone,
password manager, and banking apps, then _that 's_ the whole in your security,
not from using SMS as a second factor.

There are issues with using SMS in 2FA, but it's not the issues that you've
brought up.

