Standardizing SMS for OTP is a terrible idea — it normalizes use of an authenticator with known vulnerabilities. Better to pursue alternatives. https://www.macrumors.com/2020/01/31/apple-standardized-format-sms-one-time-passcodes/ …
Maybe I don’t fully understand what they’re doing, but I don’t see a security improvement here, and perhaps the opposite.
We crossed threads
https://twitter.com/conorgil/status/1224102154291404800?s=19 …
The decrease in security you see is not the suggested format/changes/etc, but the fact you think this will prolong the life of SMS 2FA, right?
If the SMS OTP message includes the authentication domain and the device is paired to the browser, then we can offer phishing resistance. Does not solve sim swaps, hijacking, ss7, etc, but it is still a massive win because phishing is by far the largest threat for avg users.
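The domain check described in the tweet above, as an added example that is not part of the thread. It assumes the last-line `@host #code` layout of the proposal under discussion and a simplified host-matching rule; the function names and the sample message are constructed.

```javascript
// Added illustration. Assumed format: the last line of the SMS binds the
// code to a host, e.g. "@example.com #123456".
const BOUND_LINE = /^@([a-z0-9.-]+) #([A-Za-z0-9]+)$/;

// Returns { host, code } for an origin-bound message, or null for a
// legacy message that carries no binding.
function parseOriginBoundCode(smsBody) {
  const lines = smsBody.trimEnd().split(/\r?\n/);
  const m = BOUND_LINE.exec(lines[lines.length - 1]);
  if (!m) return null;
  // Simplification: require a dotted host so a bare "com" cannot match.
  // A real implementation would compare registrable domains instead.
  if (!m[1].includes(".")) return null;
  return { host: m[1], code: m[2] };
}

// Offer the code for autofill only when the page the user is looking at
// belongs to the host named in the message (exact host or a subdomain).
function codeForPage(smsBody, pageUrl) {
  const bound = parseOriginBoundCode(smsBody);
  if (!bound) return null;
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // not a parseable URL
  }
  if (url.protocol !== "https:") return null;
  const host = url.hostname.toLowerCase();
  const matches = host === bound.host || host.endsWith("." + bound.host);
  return matches ? bound.code : null;
}

// Constructed sample message and page URLs.
const sms = "Your Example Bank code is 482913.\n\n@examplebank.test #482913";
console.log(codeForPage(sms, "https://login.examplebank.test/otp"));
console.log(codeForPage(sms, "https://examplebank.test.login.example/otp"));
```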
I’m in favor of the proposal, even though my startup focuses on #FIDO & #WebAuthn. SMS OTP will be used broadly for many years to come due to its simple implementation and use. CC @rmondello