Hacker News new | past | comments | ask | show | jobs | submit login

Ok, that's not trivial to hack, but it's in no way more secure than accepting a few more backup tokens.

Both email and phone numbers have widely known and exploited vulnerabilities that won't ever be fixed (worse if the phone part is only SMS). Requiring both at the same time is OKish, but not any exemplary security.




For what it's worth the phone portion is a voice call where you have to enter a number with touchtone.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: