Malicious SS7 activity and why SMS should never by used for 2FA

John Adams jna at
Mon Apr 19 16:58:42 UTC 2021

The goal of U2F is one key fob that works on many services. Implementation is pretty simple and the hardware is inexpensive.

Sent from my iPhone

> On Apr 19, 2021, at 08:51, William Herrin <bill at> wrote:
> On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka <mark at> wrote:
>> It's all about convenience, and how much they can get
>> done without speaking to human.
> Hi Mark,
> Convenience is the most important factor in any security scheme. The
> user nearly always has a choice, even if the choice is as
> rough-grained as "switch to a different company." If your process is
> too onerous (the user's notion of onerous) then it simply won't be
> used. An effective security scheme is the strongest which can be built
> within that boundary.
>> If a key fob can be sent to them - preferably for free - that would help.
> Hint: carrying around a separate hardware fob for each important
> Internet-based service is a non-starter. Users might do it for their
> one or two most important services but yours isn't one of them.
> Regards,
> Bill Herrin
> -- 
> William Herrin
> bill at

More information about the NANOG mailing list