Hey, look. Reddit got owned up. STOP USING SMS 2FA. It doesn’t work.https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/ …
That is a different discussion, about the weak transport security of SMS. I mean literally, even if SMS was secure, what does SMS 2FA buy you? I'm being serious, I don't think it solves any problem.
-
-
Here is what it solves: a lot of phishing attacks originate from Nigeria. Even 2FA w/SMS will prevent most phishing/credential theft account takeover. We InfoSec people know too much and that’s why we always default to worst case scenarios
-
What do you mean by "solve", you mean attackers will have to make minor changes to their code? I do not agree causing attackers minor temporary inconvenience qualifies as solving the problem.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.