Originally Posted by
jsloan
An authenticator app is an improvement over SMS, and a physical token better still. However, keep in mind that the airline industry is intentionally insecure, because there people whose job responsibility consists. almost solely of managing others' travel plans. And any process that starts online, without an offline interaction of some kind, is never secure -- the "2FA" depends upon their single-factor identification of you the first time.
I don't disagree there are better options than SMS. I'd love a world where we can use passkeys and hardware tokens, but how many of us have family members that would
never do that and use the same password for everything across the internet?