Hello,
I’ve seen that 2FA is available on the swisspass website and this is great. Really.
But the only option to activate 2FA today is per… SMS, which is actually NOT secure because SMS are NOT encrypted and they are a delightful target for phishing scams.
A better option would be to let a client (e.g. an authenticator application) generates Time-based one-time password.
Also, this is readily available in most web frameworks nowadays.
I hope to see this feature in a very near future because every website out there having code send by SMS are switching really fast to other techniques, for really good reasons.
Thanks.
Warm Regards.
