How secure do they need to be? It's a single ephemeral factor. Every cell tower a numbers station. Sometimes I relay my OTP code to my friends in FB chat if I think the number has cool properties. I don't tell them anything else about the sign-in, so my self-breach has a rather limited risk factor. Didn't that LifeLock guy advertise his SSN everywhere?
I'd say reliability counts for more in these cases, and SMS was designed for unreliability, like UDP. So I'd be more concerned about the relationships and gateways from MFA services to send out their codes, and ensure that they can be received in a timely fashion. This message will self-destruct in ten minutes.
I'd say reliability counts for more in these cases, and SMS was designed for unreliability, like UDP. So I'd be more concerned about the relationships and gateways from MFA services to send out their codes, and ensure that they can be received in a timely fashion. This message will self-destruct in ten minutes.