Malicious SS7 activity and why SMS should never be used for 2FA

John Adams jna at retina.net
Mon Apr 19 16:58:42 UTC 2021


The goal of U2F is one key fob that works on many services. Implementation is pretty simple and the hardware is inexpensive.



> On Apr 19, 2021, at 08:51, William Herrin <bill at herrin.us> wrote:
> 
> On Mon, Apr 19, 2021 at 5:54 AM Mark Tinka <mark at tinka.africa> wrote:
>> It's all about convenience, and how much they can get
>> done without speaking to a human.
> 
> Hi Mark,
> 
> Convenience is the most important factor in any security scheme. The
> user nearly always has a choice, even if the choice is as
> rough-grained as "switch to a different company." If your process is
> too onerous (the user's notion of onerous) then it simply won't be
> used. An effective security scheme is the strongest which can be built
> within that boundary.
> 
>> If a key fob can be sent to them - preferably for free - that would help.
> 
> Hint: carrying around a separate hardware fob for each important
> Internet-based service is a non-starter. Users might do it for their
> one or two most important services but yours isn't one of them.
> 
> Regards,
> Bill Herrin
> 
> -- 
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/

