Malicious SS7 activity and why SMS should never be used for 2FA

Randy Bush randy at psg.com
Mon Apr 19 13:55:05 UTC 2021


> I'd add to that that people probably shouldn't treat phones as a
> significant increase in security, it's not really the out-of-band
> device that it used to be/was in the 1990s. Today, it basically
> equates to a second computer and the probability that the second
> computer is also compromised isn't overly unrealistic.

by the same attacker?  raises the bar a bit.  it's just a second factor,
not a guarantee.

i am a fan of the google token and don't like having to carry a
different hw token for everyone who wants to hw 2fa me.

but i think $ubject is correct.  sms 2fa is roadkill.

randy

---
randy at psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy at psg.com`
signatures are back, thanks to dmarc header butchery

