lennier

It is actually included in the standard license, just the documentation for enabling it is quite easy to misunderstand (it mentions several times that it’s for business only, but what it means is needing to enable it is business only. It’s already enabled for standard users). Confused me too.

Some companies main users that they want to protect are customers who consider security to be having one shared password written on the noticeboard in the office. Sadly, sms is just an easier sell to a lot of users, and even getting them to do that can be a nightmare.

As for why proper TOTP isn’t supported as well… the cynic in me gives you the answer “the auditor required we implement 2fa, we have implemented sms 2fa, now go implement shiny feature x instead of wasting time” is probably a common corporate response.

In the UK, as long as you are able to track your finances well enough to ensure you repay the balance in full each month (you can arrange for this to happen automatically), there’s no reason not to use a credit card.

You should especially use it for purchases over £100 as by law card issuers are jointly liable for problems with goods purchased, so if I have a warranty issue the retailer won’t help with I can go through section 75 with my bank

I have never purchased something on a credit card and had it on the balance long enough to pay interest though, the rates are insane.