SMS is the only "second factor" that you can't control at all, your phone number can be changed from the phone company at any point, disabled, or suddenly refuse to work in a foreign country (all of those three happened to me).
For those reasons, even as a second factor it's a terrible one. SMS is just not a good method of authentication at all and has no place in a login form.
At it's best, SMS is only useful as a read-only notification system for non-sensitive purpose.
For those reasons, even as a second factor it's a terrible one. SMS is just not a good method of authentication at all and has no place in a login form.
At it's best, SMS is only useful as a read-only notification system for non-sensitive purpose.