Ah. Depending on the platform, you are now worse off than you were to begin with. Several platforms also use SMS as a "recovery" mechanism, allowing full takeover of an account. You would be correct that this is strictly a larger hurdle, so long as no recovery feature exists.
-
Replying to @petersongeorged @tqbf
You're not bugging me. Yes, you can certainly decouple the two and judge independently, and come to your conclusion. In practice, these features often coexist for a couple reasons. Even Authy OTP historically allowed SMS recovery and still might(?), which was often exploited.
-
Nobody is saying that we should abandon generators. The problem is SMS, not code generators.
-
Correct, I would make that argument.
-
I understand, and I'm saying people incorrectly believe that SMS 2FA makes them immune from attacks like phishing and password reuse attacks, like in this case. Do you agree that's a bad thing?
-
The problem is I can clearly see the negative effects of SMS 2FA; I'm not clear on the positives. I've heard the argument that attackers must rewrite their tools to handle SMS 2FA users, and that inconvenience is the positive. I have a response for that, if you're interested.