All you 2FA hard token zealots out there saying SMS is worthless because a nation state can pwn it - if a nation state wants your SMS token, they'll get it. They'll beat you up and steal it if you're that important. Stop discouraging orgs from implementing "good enough" security
-
I don’t necessarily disagree with that statement, but using what you just said, wouldn’t those groups not be safer with a password and SMS 2FA than just a password? Hardware Token > Soft Token > SMS 2FA > password, correct?
-
No, because almost everyone lets you reset password with SMS if you provide it. That's why I call it SMS 1FA.
-
And it's not only "those groups". Boring white dudes are also subject to random angry people, angry exes, etc.
-
And if you have accounts that control any assets of value, takeover of them absolutely needs to be a big part of your threat model.