This is a warning shot for everyone who uses SMS for 2FA or for apps that only give an SMS option. Change up.
-
-
Show this thread
-
New conversation -
-
-
I fear the average web user remains pretty oblivious to 2FA unless it's forced, nevermind which methods are secure.
- Show replies
New conversation -
-
-
The security of SMS for 2FA really depends on the interception point. Not all countries use the stronger A5/3 encryption for SMS. In some countries SMS are sent without encryptionhttps://security.stackexchange.com/questions/11493/how-hard-is-it-to-intercept-sms-two-factor-authentication …
-
In general though, token based is the way to go
- Show replies
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Not being rude but SMS has been known as insecure for years. It's convenient for those 'lost my phone' moments but in reality it should be avoided like an Ebola victim...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
