
2FA SMS is not obsolete because neither is a combination lock - nethsix
http://blog.ringcaptcha.com/sms-based-verifications-time-disagree/
======
jodrellblank
_SMS are more likely to be read by the user compared to app notifications_

is nothing safe from effing marketers? Not even authentication frontends in a
security discussion are free from abusing it as a sticky communication
channel.

It won't be more likely to be read than app notifications when it's as abused
as app notifications, and we'll all be worse off for it.

~~~
nethsix
Yeah. Every single action is tracked these days, and almost every channel is
utilized as a marketing attempting; some channels are just very well disguised
or they do provide some value/amusement that they are sort of welcome or at
least tolerable.

------
borplk
> SMS-based 2FA also offers a unique proposition – it enables the web service
> to verify the user, as well as acquire a sticky and unique user identity
> (phone number) in a single swoop. This gives the web service a reliable
> channel to get the user’s attention.

No, just no.

