There’s no “interception” involved in defeating SMS 2FA. Everyone seems to assume this is a complicated technical SS7 attack. No, nobody is doing that.
Thanks, I know what 2FA is; I need to know what you think it solves so I can explain why it's an issue, that's what you asked 
-
-
You make some fair and valid points. I guess I was thinking primarily about most semi-automated attacks (not targeted/real-time ones). Question: wouldn’t you then agree the issue is not only w/SMS? Wouldn’t you have the same problem with app authenticator OTP’s as well? Or push?
-
Yes, attackers will need to adjust to attack SMS 2FA users, but that is a one-time cost that they will certainly absorb when it's economically necessary. Yep, I agree the same problem with other other non-U2F solutions.
- 1 more reply
New conversation -
-
-
Is U2F the only true “safe” MFA in your view?
-
Yes, it's not perfect (for example, malware still an issue), but it does actually solve phishing which is more than most of the others do!

- 1 more reply
New conversation -
-
-
RSA, Duo, Google Authenticator all would suffer from the same social engineering tactic, no?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.