
Apple wants to standardize the format of SMS OTPs (one-time passcodes) - djrogers
https://www.zdnet.com/article/apple-wants-to-standardize-the-format-of-sms-otps-one-time-passcodes/
======
tcd
I'm honestly tempted to tell my bank I no longer have a SMS capable device and
will not be getting one (and that my number on their file is no longer under
my control and as such is a security risk).

I want 0 to do with SMS security, I am happy to use 2FA via an app, and backup
codes, that I have to manually enter, with an insanely long 50 char password
that's unique for each site.

Sim jacking is a real issue, and it's possible and sometimes easy to assume
control of somebody's phone number.

SMS is also not a secure protocol in any way, shape or form. No security or
privacy is built in, similar to emails.

Now if we go about adding something like private public key pair
authentication that would be a good start, and a standardized "build your own
security" where you can add as many layers to each site rather than relying on
them to keep you secure which they often fail at.

