I'm disagreeing with SMS 2FA being "basically useless". I don't think the data supports that.
I definitely disagree, you don't have to be a skilled attacker to buy a php phishing script. Right now it's more expensive for so little benefit, but when it's the only option, why wouldn't they?
-
-
Because people don't operate like that. Why do people, even people whose lives are on the line, reuse passwords? Just saying "you have to buy a phishing script" will scare off so many opportunistic attackers.
-
I'm confused, how did they get their existing script? Editing it themselves works too. You agree that SMS-2FA does not require any capability that the attacker has not already demonstrated, or you're saying adding or buying some code is a new capability that attacker won't have?
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.