@anderseknert On the plus side, costs for re-sent codes have declined dramatically
@anderseknert Security through obscurity doesn't cut it, so security through absolute transparency must be the answer!
@zak they still masked the phone number though. That’ll be fixed in the next update.
@anderseknert really leaning into improving the UX!
@anderseknert one factor authentication
@anderseknert though if this code is any indication of overall quality, zero factor might be more appropriate
@anderseknert yes security is important and all but this is very convenient!
@anderseknert Plot twist: it's always the same code - the code is static
@anderseknert Is that what’s referred to as “frictionless” in tech?
@anderseknert Where's the link that says, 'I didn't receive the code, please send it again?'
@anderseknert also another thing, if you know where someone generally lives, like state or zip, you could reverse the first 6 digits of the phone number.
so really you also gave someone ammunition for a sim swapping attack, all they need to do is dial all the general area digits until they come across you, then they have enough information to have your phone number.
@anderseknert to be fair, it really is much more convenient this way!
@anderseknert smells like old rotting phish to me
@anderseknert to be fair, that is much more convenient!
@anderseknert Here's your verification code, we also sent it to some random phone number for the lols.
@anderseknert Don't worry. Everyone got that same code and even if they hadn't, any code will work to access the single account that contains everyone's data.
@anderseknert I stared at this for far too long before realizing what the issue was…
@anderseknert I love how the number of digits differs from the number of fields. This way it is vibed very secure.
@mhaseneyer I see 6 and 6..
@castaway Uh sorry, I saw 7 and 6. My fault.
@anderseknert at last, frictionless 2FA!
@anderseknert "We have sent the code 1234 to your phone number. Please enter your phone number" (just to check and update our database ;) )