I evangelize SMS 2FA because it prevents large-scale commodity attackers and because token management is the hardest part (and SMS makes someone else do it for you) but it’s not the end of the path and not solely appropriate for people with privileged access.
Replying to @SwiftOnSecurity
I got hacked via SMS 2FA and SIM hijacking a year or two back so it's hard to justify for me at this point
Replying to @ow @SwiftOnSecurity
That sounds like a lot of effort. Why did they go through that?
Replying to @thijsniks @SwiftOnSecurity
It's not that hard, maybe about 15-20 minutes' work. I have a short username.
Replying to @ow @SwiftOnSecurity
SIM hijack was the result of them getting into your telecom provider account?
Replying to @thijsniks @SwiftOnSecurity
All you have to do is call them, often, and they'll switch it. Took two tries.
Replying to @ow
T-Mobile is, to my knowledge, the only Dutch provider which allows you to set an account password to prevent this. Though unsure if they enforce it…
2:37 PM - 1 Aug 2018