OK, so what is the best alternative? I must admit that I have never been a fan of 2FA via SMS. And I'm also sick and tired of hardware tokens that are often used by banks and brokers. I would rather have them identify me via the device, for example the PC or smartphone.
Apps such as Google Authenticator, Duo Mobile and LastPass Authenticator are freely available, so it's not clear why we're still using SMS. That said using SMS for 2FA is still far more secure than not using 2FA. Also the "simple" hack referred to in the Softpedia article requires that the hackers have full access to the user's PC; that's not typical.
What do you mean? What I'm basically talking about are software based tokens. So you install some app on your device, and it's responsible for identifying you. Another option is USB tokens. https://www.rsa.com/en-us/products/rsa-securid-suite/rsa-securid-access/securid-software-tokens https://www.howtogeek.com/232314/u2...g-universal-two-factor-authentication-tokens/
I meant some sort of "cookies" that servers use so that they can remember your device. I thought that's what you meant by "identify me via the device".
I believe that is already being used by Google, Facebook and Yahoo, and they alert when you're trying to login via an unknown device. But yes, that's not good enough. Too bad that most websites still don't work with soft tokens or USB keys, these methods sound like the handiest. https://www.securenvoy.com/two-factor-authentication/soft-tokens-explained.shtm
