this post was submitted on 16 Sep 2023
-10 points (43.6% liked)

Memes

45647 readers
1076 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
  • fucking annoying
  • can't believe they sold people that it's BETTER to have to get your phone out to login
  • incredibly annoying
  • if you're using this willfully you're clearly just as worried about security as before anyway
  • companies love having real phone numbers to pair with 'their' data
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

yes microsoft was the one I was complaining about but you can't redirect phone calls in the same way as sms and sms itself is mostly vulnerable due to legacy things that they could stop using and finally that article was not just 2 factor but bringing in using sms for a password reset which is really insecure but unrelated to 2factor. 2factor will always be safer than non 2 factor because more has to be done than just the one side.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

You can, the concern here is with people, not the specifications of SMS. People can be social engineered to give control of your phone number to someone else. It's happened before, it's not a hypothetical, and it's why security experts advise against using phone based methods.

[–] [email protected] 1 points 1 year ago

Im pretty sure that you would realize something was wrong with your phone then and its useless to them 2factor wise unless they have your password.