https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399987#M55069 <P>Hi <a href="https://community.ee.co.uk/t5/user/viewprofilepage/user-id/1370937">@michael23578925</a>&nbsp;</P> <P>It has taken EE years to finally implement this system. They will be looking at ease of use for all customers and the more simple is the better option.&nbsp;</P> <P>Thanks&nbsp;</P> Mon, 24 Jun 2024 08:05:16 GMT Northerner 2024-06-24T08:05:16Z https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399981#M55067 <P>I have just seen the new&nbsp;Two-factor authentication option. Once you turn it on you cant turn it off.&nbsp; I see from the description is that this is by SMS.&nbsp;</P><P><SPAN>Im very happy to see 2fa as an option. But to do so via SMS is just retrograde. As an easy option for basic users I can see why but really this is not considered secure anymore and definitly not convenient.&nbsp;</SPAN></P><P><SPAN>Why not offer device generated otp by&nbsp; OATH -&gt; BETTER</SPAN></P><P><SPAN>Or better still remove the password and 2fa codes entirely and offer FIDO2 passkey entry? -&gt; BEST</SPAN></P><P>EE - you can do it! It's a simple change and will make everyone more secure. It would be a great marketing point too!</P><P>&nbsp;</P> Mon, 24 Jun 2024 08:01:47 GMT https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399981#M55067 michael23578925 2024-06-24T08:01:47Z https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399987#M55069 <P>Hi <a href="https://community.ee.co.uk/t5/user/viewprofilepage/user-id/1370937">@michael23578925</a>&nbsp;</P> <P>It has taken EE years to finally implement this system. They will be looking at ease of use for all customers and the more simple is the better option.&nbsp;</P> <P>Thanks&nbsp;</P> Mon, 24 Jun 2024 08:05:16 GMT https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399987#M55069 Northerner 2024-06-24T08:05:16Z https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399994#M55070 <P>Thanks for replying.</P><P>I dont really follow your reply as it doesnt really address the issue.</P><P>EE taking years to implement this is a reflection of their poor prioritisation and is no reason to base decisions on. They could easily do it, esp OATH</P><P>Ease of use - keep SMS as an OPTION but not an OBLIGATION if need be. It isnt necessary and either/or option and quite frankly if SMS is there already then OATH is a simple extension of the same structure. Allowing more technical users to use OATH and turn off SMS would be trivial.</P><P>Furthermore - passkeys are pretty simple these days - every phone/laptop has it built in now.&nbsp; Agreed it might take a bit more effort to implement, but not much more.</P><P>It just seems like poor decision making by EE taken by old non-technical people who are behind the times</P><P>&nbsp;</P> Mon, 24 Jun 2024 08:26:57 GMT https://community.ee.co.uk/t5/EE-app-and-website/Two-factor-authentication-by-SMS-OATH-is-better-or-FIDO2-better/m-p/1399994#M55070 michael23578925 2024-06-24T08:26:57Z