SMS as a form of 2FA is unsuitable considering the sensitivity of such information. On the other hand a government backed smart card would offer the appropriate level of authentication without locking out access to a section of users.

On 30 Jun 2017, at 12:30, "Denis G. Wahome" <dwahome@gmail.com> wrote:

Mark,

While I do concur completely with your observation. I was considering the user group for the service. Other more advanced mechanisms would reduce the usability/accessibility by a large portion of the Country.

A better way would be a registration process to access your records where one can select a Channel for 2FA

Denis

On Fri, Jun 30, 2017 at 10:54 AM, Mark Kipyegon via kictanet <kictanet@lists.kictanet.or.ke> wrote:

SMS is not a secure implementation of two factor authentication.

On 30 Jun 2017, at 10:40, "kictanet-request@lists.kictanet.or.ke" <kictanet-request@lists.kictanet.or.ke> wrote:

>
> A simple 2 Factor Authentication mechanism via SMS would suffice to start
> with.