I think this article is blatantly missing the point. Adding two-factor auth is the best way to stop shared compromised credentials (we all know people who don't use a random password everywhere) being reused on every common login form on the internet. Companies like Facebook are not going to issue everyone with authenticated tokens or smart cards. SMS though being a simple hurdle for a determined hacker it is effective at stopping en masse attacks on compromised credentials.
Using SMS as two factor auth for a bank does seem stupid to me as I expect hackers to be more determined to crack my bank account than my Facebook account. Banks have the resources and the long account setup times to allow them to use proper auth tokens.
Is there a better solution that SMS for low risk sites like Facebook or Twitter or my blog etc? Something with the same easy of use portability etc. Is the Google Auth token app any better?
Using SMS as two factor auth for a bank does seem stupid to me as I expect hackers to be more determined to crack my bank account than my Facebook account. Banks have the resources and the long account setup times to allow them to use proper auth tokens.
Is there a better solution that SMS for low risk sites like Facebook or Twitter or my blog etc? Something with the same easy of use portability etc. Is the Google Auth token app any better?
EDIT: login not logic in first paragraph