Rusty Kroboth
Sep 6, 2018

So you are doing away with 2FA within 30 days because of a 2016 article that says SMS 2FA is possibly not as secure as other 2FA methods. As if no 2FA is better than a slightly less effective 2FA. And there’s no *requirement* for users to switch to Google to keep using 2FA — they could just do nothing, and then end up being stripped of their 2FA. And we all know most users will do nothing. And there’s no way for the account owner to ensure that their employees actually do switch to Google 2FA after you disable the 2FA they are using.

Correct me if I’m wrong, but it really sounds like you are creating security holes, rather than improvements. The intention is noble, but I hope you reconsider the way you are doing this.