Hey, look. Reddit got owned up. STOP USING SMS 2FA. It doesn’t work.https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/ …
Which "credential theft" attack do you claim it prevents? It doesn't prevent the common ones, phishing, malware, keylogging, etc.
-
-
How does it not prevent a phishing attack with credential theft?
-
Stage 1: "Please enter password", Stage 2: Forward password to target website, Stage 3: "We sent you an SMS, enter code here", Stage 3: Forward phished token to target website.
End of conversation
New conversation -
-
-
You steal my Office 365 or GMail creds and try to log in but will be promoted for 2FA code.
-
Thanks, I know what 2FA is; I need to know what you think it solves so I can explain why it's an issue, that's what you asked

- 3 more replies
New conversation -
-
Show additional replies, including those that may contain offensive content
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.