moin moin, I've been recommending for years that web sites should not be given your phone number for 2 factor authentication. First of all, they don't need your phone number :). Secondly, it's not secure. Now the NIST agrees. https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=sfgplus&sr_share=googleplus&%3Fncid=sfgplus See also the following. https://danielpocock.com/how-many-mobile-phone-accounts-will-be-hijacked-this-summer If you're setting up a service to use 2FA, please do not include SMS as one of the options. ciao, der.hans -- # http://www.LuftHans.com/ http://www.PhxLinux.org/ # So much shiny, so little time. -- der.hans --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss