SMS 2FA binds to your phone number, not you or your phone. Nobody is going to intercept SS7; they’re going to call a phone company and port your number to their phone.
Yes, attackers will need to adjust to attack SMS 2FA users, but that is a one-time cost that they will certainly absorb when it's economically necessary. Yep, I agree the same problem with other other non-U2F solutions.
-
-
Thx for your insight btw...it’s much appreciated!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
