I keep getting pinged on my dual factor app to let someone (not me) into my Facebook account. The code is only 2 digits, meaning someone has a 1 in 100 shot of guessing the code. I’ve probably been hit up 15-20 times with someone trying to get access. So the 1% success rate is getting worrisome.
As a result I just switched to getting an SMS code sent to me as my 2nd method.
Seems less likely to be able to be compromised than a randomly generated 2 digit number, but let me know if you disagree.
Thanks