Yes. Unfortunately, alternative (Security Key) has many issues as well. I actually think we should go to 3FA.https://twitter.com/FmrAirForceGC/status/760845240630546432 …
-
-
it's just a number you send there and back again. SIM-card app would be nice, if you want the combination of both.
-
I want the "thing you have" to have one more layer of protection.
- Show replies
New conversation -
-
-
security keys with a PIN are good and readily available. I use them myself. Service support is the missing component.
-
Still too marginal. I'd like that to be a standard; and not a short pin, etc. I think we'll get there.
End of conversation
New conversation -
-
-
I don't think nation-state ownership is the problem with SMS. It's susceptibility to spoofing and interception.
-
Yes, all those, too. Talking 140 at a time here. If you live in a country where gov't & telco basically same, also nation-state.
End of conversation
New conversation -
-
-
the threat model for banking login is not the nation state in which the bank lives.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Could be fixed if MNOs encrypted SMS & mobile traffic - resistance is nation states' security apparatus, but benefits would be huge.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
The real downside of SMS: the SS7 network has no protection against redirection attacks whatsoever.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Google authenticator or similar is still viable but maybe has other issues
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.