My guess is that it’s the easiest and cheapest way to set up “MFA”.
TOTP is cheaper.
SMS is actually expensive at scale. An example would be Signal, the messenger app that doesn’t use SMS. They have overhead for sending backup codes/new account creation/Verification/etc… https://www.wired.com/story/signal-operating-costs/ 6 million a year. API integrations for SMS messages/codes are still like 1-5 cents per message.
TOTP’s requirements? A reasonably accurate clock on the server, and storing the shared secret in a database.
I love mandatory sms
My guess is that it’s the easiest and cheapest way to set up “MFA”.
The number of banks that don’t have proper MFA really bugs me.
TOTP is cheaper.
SMS is actually expensive at scale. An example would be Signal, the messenger app that doesn’t use SMS. They have overhead for sending backup codes/new account creation/Verification/etc… https://www.wired.com/story/signal-operating-costs/ 6 million a year. API integrations for SMS messages/codes are still like 1-5 cents per message.
TOTP’s requirements? A reasonably accurate clock on the server, and storing the shared secret in a database.