First, to get it out of the way, app-based 2FA is superior in many ways. But we also need to recognize that some 2FA is better than nothing.
I would provide two scenarios: first, you're about to go bankrupt, and second, you want to do it the right way.
1️⃣ In the first scenario, an acceptable answer would be to disable SMS 2FA altogether, clearly communicate why it's happening, and provide an easy way to migrate.
🚫 What Elon did:
- Don't communicate the risk of 2FA
- Push users to upgrade to Blue to keep SMS 2FA, which neither helps with telco scams nor makes their accounts secure.
- % or remaining will disable 2FA.