Context: in principle SMS 2FA is one factor. Its failure alone isn't enough for account hijacking if the other factor (password) holds
But passwords can be reset by email
And some email providers allow reset by… SMS
Turtles all the way
https://www.issms2fasecure.com/
Disagree, even then SMS 2FA makes zero sense, it's a phishable solution to phishing. That's just bananas. People argue it still has some value impeding credential stuffing. Sure, all those password reusers who aren't vulnerable to phishing, all zero of them.
Not disagreeing with that. Point was SMS is particularly bad when it can also be used to reset password or email; then it is not 2FA, it is just 1FA. (As an aside: TOTP is also phishable. Anything short of public-key crypto fails on that criterion.)
Agreed. SMS 2FA survives to this day mainly due to our inability to sell business people friendly ways for people to recover access without it https://twitter.com/olemoudi/status/1075862340648779782 …