Two factor with SMS is insecure, period!

caleb45caleb45 Member Posts: 1
edited December 2020 in Ask The Community
I've got an email saying Payoneer will enforce two-factor authentication soon. That's fine, except it only offers receiving two-factor codes over insecure SMS.

That's long been known as insecure method, and Payoneer is just going to enforce using a flawed method. That's not an opinion, there are articles about it on the web such as this: https://www.cnet.com/how-to/do-you-use-sms-for-two-factor-authentication-heres-why-you-shouldnt/

Please be aware about "SIM swap" attacks and please offer using 2FA apps at least as an option.

Comments

  • ivan_savichevivan_savichev Member Posts: 1
    edited November 2020
    Dear Payoneer,

    Please add support of 2FA with apps like Authy or Google Authenticator.

    SMS are not only insecure but hard to use if you are abroad in roaming and changing sim cards all the time.

    This is completely unacceptable in 2020 to enforce your users 2FA without this option.
This discussion has been closed.