I’d like to see SMS authentication to verify website but since that can be sniffed and intercepted id mostly prefer to see google two factor Authenticator app enabled and made part of the login, transfer, and profile updating process.
It will put it inline with other services such as coin base, bittrex, all of our online saas services for our businesses.
yeh i’ve heard some horror stories, especially when the user has been tricked to log into a fake phishing site exposing their username and password and not having 2FA enabled allowing the hackers to get in, enable 2FA and clear out the accounts.
Authy seems to have a nice SMS recovery. Having the SMS registered with authy and a website automatically syncs the app with websites that are registered with Authy. (I think thats how it works)
We’ve been trying out a couple of implementations of 2FA and it seems the SMS + Authy is a good combination for users that might loose their phones and data. Otherwise recover is hard without having recovery tokens setup.