This is why you never enable SMS based MFA. TOTP is well established and just works. If you need even more security FIDO2 devices like YubiKey are a thing.
For the love of God, someone inform Citibank and Chase of this. My dinky little local credit union allows me to use TOTP, but Citi and Chase still only seem to support SMS.
Chase supports push notifications via their app now, so at least they’re moving forward toward something a bit more secure. But yes, I’m so pissed that so many banks use SMS when it’s known to be easily spoofed.
This is why you never enable SMS based MFA. TOTP is well established and just works. If you need even more security FIDO2 devices like YubiKey are a thing.
It would be nice if that was a choice but SMS is unavoidable.
For the love of God, someone inform Citibank and Chase of this. My dinky little local credit union allows me to use TOTP, but Citi and Chase still only seem to support SMS.
Chase supports push notifications via their app now, so at least they’re moving forward toward something a bit more secure. But yes, I’m so pissed that so many banks use SMS when it’s known to be easily spoofed.