Two factor with SMS is insecure, period!

caleb45

I've got an email saying Payoneer will enforce two-factor authentication soon. That's fine, except it only offers receiving two-factor codes over insecure SMS.

That's long been known as insecure method, and Payoneer is just going to enforce using a flawed method. That's not an opinion, there are articles about it on the web such as this: https://www.cnet.com/how-to/do-you-use-sms-for-two-factor-authentication-heres-why-you-shouldnt/

Please be aware about "SIM swap" attacks and please offer using 2FA apps at least as an option.

mowgus

My thoughts exactly. It is widely known that SMS for MFA is not secure.

Additionally, if I am out of my home country, my cell phone number does not work so I cannot get an SMS and wouldn't be able to access my account. With it now being enforced, they're forcing me to abandon Payoneer. All my other accounts use an MFA app on my phone (i.e. Google Authenticator, Authy); why can't Payoneer do the same?

Payoneer is out of touch with reality.

ivan_savichev

Dear Payoneer,

Please add support of 2FA with apps like Authy or Google Authenticator.

SMS are not only insecure but hard to use if you are abroad in roaming and changing sim cards all the time.

This is completely unacceptable in 2020 to enforce your users 2FA without this option.