Multifactor auth done right

chris@l.roofo.cc to Programmer Humor@programming.dev – 455 points –
20

You are viewing a single comment

SMS is something you have, IE access to your phone. Doesn't mean it's the best option, SMS is notorious for being insecure

The 10,000 support staff with dubious social engineering training at your service provider are not "something you have". Case in point literally a few weeks ago https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/

This is an article describing someone impersonating an officer and submitting a fake warrant. It's incredible that Verizon fell for it, but what does it have to do with SMS?

It means that if I want access to something that has been texted to you, I don't exactly need to be a government in order to get it.

1 more...
1 more...
1 more...