SMS as a form of 2FA is unsuitable considering the sensitivity of such information. On the other hand a government backed smart card would offer the appropriate level of authentication without locking out access to a section of users.
Mark,
While I do concur completely with your observation. I was considering the user group for the service. Other more advanced mechanisms would reduce the usability/accessibility by a large portion of the Country.
A better way would be a registration process to access your records where one can select a Channel for 2FA
Denis
On Fri, Jun 30, 2017 at 10:54 AM, Mark Kipyegon via kictanet <kictanet@lists.kictanet.or.ke> wrote:
SMS is not a secure implementation of two factor authentication.
On 30 Jun 2017, at 10:40, "kictanet-request@lists.kictanet.or.ke " <kictanet-request@lists.kictanet.or.ke > wrote:
>
> A simple 2 Factor Authentication mechanism via SMS would suffice to start
> with.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ ngigi%40at.co.ke
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.