Facebook Shows Why SMS Isn't Ideal for Two-Factor Authentication
by Josh Centers
If you follow recommended security practices, you use two-factor authentication on every online service that allows it. For those who aren't familiar with two-factor authentication, it makes it so a username and password is no longer sufficient to log into your account
- you must also provide a six-digit time-based one-time password that is either sent to your phone via SMS text message or generated by an app.
(Then there's Apple's two-factor authentication for Apple ID-protected logins, which relies on Apple-proprietary communication channels and devices and thus breaks the usual conventions, see "Apple Implements Two-Factor Authentication for Apple IDs," 21 March
2013.)