illustration by supasavina
melkat.link

Heroku removes SMS as an MFA Verification Method

devcenter.heroku.com

We all know SMS two factor auth is very dangerous due to it’s insecure nature, but we don’t often here companies actually doing anything about it. Most won’t remove SMS two factor auth because they want your phone number so they can better target you with ads. Hopefully we start to see more people follow this trend, as everyone else is just playing security theatre.