So you know all those multifactor login thingies that want to send you an SMS to your phone with a code you have to type in? Yeah, they’re on the way out. Well, sort of.

The gist here is that sending one-time codes over SMS relies on the notion that SMS messages aren’t easy to intercept, either out of the air or on the target’s phone. That’s not as true as it used to be, hence NIST is recommending SMS-based OTPs be replaced by alternate systems (e.g. soft- or hardtokens).

That being said, no security system is perfect, and SMS-based multifactor is certainly better than no multifactor at all, so. Yanno. Get on that.