Hello all,

I guess there is some information I'm missing. I don't understand what is all the fuss about.

Here's what I'm doing to make 2FA work for me

User logs in
I send SMS with 6 digit code.

In the enterprise it's established that the users will have to apply a change to the code before entering it in in a textbox.

So for example if the code I send is "348825" user knows that the changes necessary are "++--45"

+ means user will have to add 1 to the digit
- means user will have to subtract 1 to the digit
If there is a digit it means that the digit will have to be replaced

So instead of typing "348825" the user will have to type

3 + 1 = 4
4 + 1 = 5
8 - 1 = 7
8 - 1 = 7
2 replaced by 4
5 replaced by 5

So the user must enter the code "457745"

Hacking impossible with that. Unless there's something I'm missing.