![]() ![]() > Advanced users that understand the risk may remove the phone number from their account once two-step verification is enabled. > Please note, if two-step verification is enabled, access to the phone number itself is not sufficient to gain access to an account: you still need two factors (your password AND the SMS). We therefore believe requiring a phone as a backup option strikes the best balance of confidentiality (no one else can read your data) and availability (you can read your data) for the majority of our users. ![]() If you lose your phone, the TOTP key is lost but normally you can get a new SIM card with the same number from your carrier. However, for the majority of users, the risk of losing their two-step verification device is far greater than the risk of someone hacking their SMS. We are aware that SMS is not the most secure of methods for 2FA, and has been deprecated by NIST. But so too is making sure you don't get locked out of your own account. > Keeping your account safe from attackers is very important. > Why do I have to add a recovery phone number to set up two-step verification? They have a long section in the documentation that strongly discourages it, and it seems like they will refuse to restore your account if you lose your 2FA, which is exactly what I want: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |