Why are Push Notification login approvals worthless?
Because the user is trying to log in (to a phishing site), so why wouldn't they approve it?
First time user - SSL certificates. Returning users - Account identifiers/keyword upon login. This helps you identify that it’s the same service and relationship that you established originally. Long term solution - identity.
U2F should be an exception though.
Until Google's WebUSB standard destroys that safety as well
As an aside, of the people who advocate SMS 2FA, how many have locked their SIM with a PIN? Because otherwise, it’s like that picture of a gate with no fence. pic.twitter.com/JJTd5AKyYd
It’s good to be aware of the limitations, but they aren’t worthless. Many phishing schemes don’t immediately try to log in to the site being mimicked, meaning that the push notification will come at an unexpected time.
Assuming bad phishes. Why wouldn't they? It's not hard with relatively straightforward toolkits.