Shaunkoh

@SwiftOnSecurity does this mean that phone number based 2FA isn’t secure anymore? Would app based 2FA be better?

2 comments
J. "Henry" Waugh

@Shaunkoh @SwiftOnSecurity my reading: yes*, yes

* = if the 2FA is the *only* requirement to reset your password, unlike e.g. knowing non-public information about you before you are allowed to use 2FA to authenticate on the reset password screen. But a determined hacker might be able to get that too

Christian Stadelmann

@Shaunkoh @SwiftOnSecurity at least it rules out direct attacks through careless mobile phone providers and weaknesses in 2G…5G, yes.

I would consider app based 2FA safer, but not safe enough for critical purposes. Your smartphone is probably connected to your PC in some way (same local network, same Apple/Google/whatever account, same messenger app(s), some synchronization solution, maybe a common backup solution, …), so those are not fully independent. In other words, if an attacker controls one of them, it is easier to gain control over the other.
