I am appalled (with two p's) that my financial accounts seem less secured by 2fa than my gaming accounts -- almost all of which use Google authenticator and some use backup "one time printout" codes. With the exception of Fidelity (note below) all of the 2fa is SMS based -- which is notoriously bad. (< $20 and you can hijack the SMS stream of a given number).
Why is this? I am ready for a far more secure 2fa. Anyone know of any banks and brokerages that are doing this right? I cannot find one.
The note about Fidelity: You can opt in to using a Verisign code generating 2fa -- which seems a huge improvement -- but last I checked (and it has been a while) password reset bypassed it.
Submitted September 07, 2021 at 08:35AM by analyticaljoe https://ift.tt/3n99o6F
