I’ve been going through updating all of my accounts (passwords, 2FA, etc.), and I’ve noticed that there are a lot of sites that don’t offer any form of MFA.
I can understand smaller services that might not have the bandwidth, but surely larger organisations are able to get this setup?
The worst part of those is when they do support 2FA, but it’s text-only. No app authentication or hardware key option.
Like it’s something, but it’s easily the least secure option, and probably the most expensive since it requires operating an additional SMS portal for those codes.