• fucking annoying
  • can’t believe they sold people that it’s BETTER to have to get your phone out to login
  • incredibly annoying
  • if you’re using this willfully you’re clearly just as worried about security as before anyway
  • companies love having real phone numbers to pair with ‘their’ data
  • HubertManne@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I don’t think thats necessarily true. If diverting phonecalls were so easy there are a bunch of reasons outside of two factor attacks that it would be used for.

      • HubertManne@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        you seem to be limiting it to sms. you do realize your talking to a person who mentioned microsofts option to call you and you hit pound. They actually have an app where you input a two digit number and if anything I would have liked them to expand the phone call function with that. Anyway I was not speaking about sms but I still feel the vulnerabilities are overblown when used with a good password.

          • HubertManne@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            yes microsoft was the one I was complaining about but you can’t redirect phone calls in the same way as sms and sms itself is mostly vulnerable due to legacy things that they could stop using and finally that article was not just 2 factor but bringing in using sms for a password reset which is really insecure but unrelated to 2factor. 2factor will always be safer than non 2 factor because more has to be done than just the one side.

            • atocci@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              You can, the concern here is with people, not the specifications of SMS. People can be social engineered to give control of your phone number to someone else. It’s happened before, it’s not a hypothetical, and it’s why security experts advise against using phone based methods.

              • HubertManne@kbin.social
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Im pretty sure that you would realize something was wrong with your phone then and its useless to them 2factor wise unless they have your password.