Gregory's Server@SwiftOnSecurity Ugh, I'm trying to think of effective mitigation for services that FORCE phone number based recovery, and coming up dry. I've encountered several services like this and desperately wish there was a solution.
|
Top-level
@SwiftOnSecurity Ugh, I'm trying to think of effective mitigation for services that FORCE phone number based recovery, and coming up dry. I've encountered several services like this and desperately wish there was a solution. 1 comment
|
@kevinmirsky ironically?
Bringing back those stupid security questions... if they actually put it into the password recovery workflow before 2FA, and you put in nonsense answers they can't guess (as I always do)
If you meant you as a user, I think our only defense is trying to prevent them from connecting the recovery phone number to the account based on our telephony setup
@SwiftOnSecurity seems to mention VoIP and cell specifically, even though I don't presume it's exclusive to them