Second Factor SMS: Worse Than Its Reputation \ stacker news ~security

pull down to refresh

Second Factor SMS: Worse Than Its Reputation www.ccc.de/en/updates/2024/2fa-sms

175 sats \ 8 comments \ @kepford 12 Jul 2024 security

view all related items

55 sats \ 1 reply \ @SatsMate 13 Jul 2024

Yikes, In my opinion some two factor authentication si better than none...

0 sats \ 0 replies \ @kepford OP 13 Jul 2024

No question. But SMS is terrible.

14 sats \ 5 replies \ @zuspotirko 12 Jul 2024

I agree stat sms is a horrible second factor.

However, just doing a second https connection just uses the exact same technological implementation as the first factor. It's still the best/ most advisable thing to do.

Best would be if we finally implemented TLS encryption over phone network that are outside of internet/cellular. I doubt that will ever happen tho. Mankind will abolish POTS infrastructure in favor of VoIP completely before we implement TLS on POTS.

55 sats \ 4 replies \ @Bell_curve 12 Jul 2024

Authenticator is more secure than sms?

34 sats \ 3 replies \ @kepford OP 12 Jul 2024

Using an open source OTP app like Aegis is far better than SMS.

Avoid Google Auth

55 sats \ 0 replies \ @Bell_curve 18 Jul 2024

Thanks for the recommendation

0 sats \ 1 reply \ @TNStacker 12 Jul 2024

How about Cisco Duo? My employer likes them.

34 sats \ 0 replies \ @kepford OP 13 Jul 2024

I wouldn't consider a closed source option. Not familiar with Cisco Duo. It may be fine but I always look for FOSS options.