There’s no “interception” involved in defeating SMS 2FA. Everyone seems to assume this is a complicated technical SS7 attack. No, nobody is doing that.
What do you mean by "solve", you mean attackers will have to make minor changes to their code? I do not agree causing attackers minor temporary inconvenience qualifies as solving the problem.
-
-
This isn't a "perfect is the enemy of the good" scenario, which is what I think you were trying to argue. For that to be the case, there would have to be some good - and I claim there is none, maybe even a little harm (false sense of security, used as ineffective stopgap, etc).
-
My thinking is that non-U2F is still valuable for less “phish prone” users...would u agree? In other words, if u combing 2FA w/security Awareness Training, perhaps the sky is not falling?

- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.