1. 7
  1. 6

    I’m starting to find it odd when a service with 2FA doesn’t offer TOTP as the main option.

    It’s widely supported. You don’t need a bunch of different physical tokens/separate apps to authenticate. It’s more secure than SMS.

    1. 3

      Most embarrassing is the fact that PayPal still only offers SMS. Their 2FA messages are often delayed or dropped, too.

    2. 2

      Any recommendations for adding 2 factor authentication to a web application?