Hacker News

Twilio managed to convince everyone that SMS-based auth was a good idea but it's always been a bad idea. Drop Twilio and go back to using passwords and use a different 2fa method.



Most users forget/neglect keeping backup codes for proper 2fa, unfortunately.


We're falling through the computer literacy gap between SMS MFA and authenticator/Yubikey MFA at the moment. While an IT person can do password managers (with secure backups), authenticators, passkeys, and biometrics, all with half-decent opsec, the average user can barely do more than a couple of passwords for everything, and SMS MFA.

It's absolutely critical that the companies we support vastly improve their security, but there's no way to get there from here with their staff, lack of any established processes, and zero training infrastructure.


Like Authy (owned by Twilio)? Or give them all to (totally not evil) Google?



