Malicious SS7 activity and why SMS should never by used for 2FA

William Herrin bill at
Mon Apr 19 15:48:55 UTC 2021

On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka <mark at> wrote:
> It's all about convenience, and how much they can get
> done without speaking to human.

Hi Mark,

Convenience is the most important factor in any security scheme. The
user nearly always has a choice, even if the choice is as
rough-grained as "switch to a different company." If your process is
too onerous (the user's notion of onerous) then it simply won't be
used. An effective security scheme is the strongest which can be built
within that boundary.

> If a key fob can be sent to them - preferably for free - that would help.

Hint: carrying around a separate hardware fob for each important
Internet-based service is a non-starter. Users might do it for their
one or two most important services but yours isn't one of them.

Bill Herrin

William Herrin
bill at

More information about the NANOG mailing list