E.G: last week, my brother wanted to try one of my service account on his ipad (we set it up only on his computer). He tried to connect with my password, but any new device requires a 2FA. So he calls me, and I gave it to him.
Now, in this particular example, I was at home, so I had access to internet.
But I'm often traveling to places where I don't.
In fact, I lived in Mali for 2 year where this has been a big trouble for all administrative stuff. Nowadays, I would assume a lot of Malian people have a phone numbers, but no emails, anyway.
But without going that far, the French country sides have plenty of places where you get text but not internet. And being in a car or train is often enough for that.
I don't think SMS is a good 2FA. I have 3 yukikeys at home.
But I believe any geek should first spend a month working in a call center before making a comment about 2FA.
There is a looooong tail of things getting wrong, and there is a reason corporations chose SMS: they tried all the rest, and it was worse.
Now thing are getting better with in app 2FA notifications, but of course it assumes you have a smartphone.
E.G: last week, my brother wanted to try one of my service account on his ipad (we set it up only on his computer). He tried to connect with my password, but any new device requires a 2FA. So he calls me, and I gave it to him.
Now, in this particular example, I was at home, so I had access to internet.
But I'm often traveling to places where I don't.
In fact, I lived in Mali for 2 year where this has been a big trouble for all administrative stuff. Nowadays, I would assume a lot of Malian people have a phone numbers, but no emails, anyway.
But without going that far, the French country sides have plenty of places where you get text but not internet. And being in a car or train is often enough for that.
I don't think SMS is a good 2FA. I have 3 yukikeys at home.
But I believe any geek should first spend a month working in a call center before making a comment about 2FA.
There is a looooong tail of things getting wrong, and there is a reason corporations chose SMS: they tried all the rest, and it was worse.
Now thing are getting better with in app 2FA notifications, but of course it assumes you have a smartphone.