They aren’t ideal but are they actually worse than passwords? I’d bet that on net, more compromises happen with previously-leaked passwords

▲

deathanatos 9 days ago | parent [-]

I haven't actually seen these being used as passwords like TFA states; they're usually a form of 2FA.

If they actually are passwords, yes, my password manager is a better UX than having to fetch my phone, open SMS, wait for the SMS, like good grief it's all so slow.

(In the 2FA form, I'd prefer TOTP over SMS-OTP, but the difference is less there.)

	▲	Symbiote 9 days ago \| parent \| next [-]
		The largest site where I've seen this flow (username + email) is hotels.com.
	▲	whatevaa 9 days ago \| parent \| prev [-]
		Most people don't use a password manager. They just have shit passwords.