Resisting 2FA

What’s wrong with email and SMS 2FA

Yet another ill of modern society! 2FA (two-factor authentication, if you’re lucky enough to not have heard the term before)! The worst forms of which are SMS and email. I’m sure every one of us gets frustrated when we try to log into an account and it has to send us a verification code! But there is more to it than that!

Security

I would argue that SMS and email based 2FA is less secure than just having a password. Accounts used to only have a username and password. Now it is mandatory for some services to give up loads of personal information for the sake of “security”. The problem with this is that if a service now gets hacked, instead of them only having your username and password (perhaps in a hashed form), they now have buckets of personal information. I would argue that is a greater security risk than having 2FA. If you use a long, randomly generated password, your security will be perfectly acceptable for most things. If you need the extra security, then use OTP based 2FA; it’s a much more sensible solution!

Why else resist?

Like all other technology, something that is optional and then becomes widely used will inevitably become mandatory. 2FA becoming mandatory is bad not only because of the reasons mentioned prior; it also makes having a phone and email address mandatory. At least email is decentralized, but making phones mandatory is undoubtedly awful. Both of these are bad for privacy, but even if you’re not concerned about that, the choice to have them should be optional! In the case of phones, you should not be forced into buying an expensive device, which you can’t repair yourself, to do a simple task!

Resist SMS and email based 2FA or it will inevitably become mandatory!

Contact me

If you have any questions, comments, or feedback, you can find my contact details here.