Change Details

(This is the current target of ((sms-is-insecure)), and linked to in the MFA documentation.) SMS is relatively easy to use as an authentication factor, but is significantly less secure than other types of factors. Although it's better than nothing, the upstream discourages using it. You should use it only if you have a very compelling reason not to use other factor types, like TOTP. It is empirically practical to compromise or intercept SMS:

(This is the current target of ((sms)), and linked to in the MFA documentation.) SMS is relatively easy to use as an authentication factor, but is significantly less secure than other types of factors. Although it's better than nothing, the upstream discourages using it. You should use it only if you have a very compelling reason not to use other factor types, like TOTP. It is empirically practical to compromise or intercept SMS:

(This is the current target of ((sms-is-insecure)), and linked to in the MFA documentation.) SMS is relatively easy to use as an authentication factor, but is significantly less secure than other types of factors. Although it's better than nothing, the upstream discourages using it. You should use it only if you have a very compelling reason not to use other factor types, like TOTP. It is empirically practical to compromise or intercept SMS: