← Back to context Comment by deegles 2 years ago I have removed all SMS based 2FA from every account that allows it and you should too. 7 comments deegles Reply selbyk 2 years ago I'm a bit confused how this is relevant. Authy is a OTP app, nothing to do with SMS. yieldcrv 2 years ago Authy uses SMS based recovery of your entire account, a weaker link that a single service using SMS based OTP ingatorp 2 years ago You can always disable multi-device, so it can act like a regular OTP auth app. yieldcrv 2 years ago and we should do product liability lawsuits on every service that only allows SMS based one time passwords, if they don't allow a client side only option mort96 2 years ago Why? 2fa doesn't meaningfully add security if you're using decent passwords, and SMS-based 2fa is no less secure than no 2fa yieldcrv 2 years ago just because SMS is vulnerable to SS7 attacks 1 reply →
selbyk 2 years ago I'm a bit confused how this is relevant. Authy is a OTP app, nothing to do with SMS. yieldcrv 2 years ago Authy uses SMS based recovery of your entire account, a weaker link that a single service using SMS based OTP ingatorp 2 years ago You can always disable multi-device, so it can act like a regular OTP auth app.
yieldcrv 2 years ago Authy uses SMS based recovery of your entire account, a weaker link that a single service using SMS based OTP ingatorp 2 years ago You can always disable multi-device, so it can act like a regular OTP auth app.
yieldcrv 2 years ago and we should do product liability lawsuits on every service that only allows SMS based one time passwords, if they don't allow a client side only option mort96 2 years ago Why? 2fa doesn't meaningfully add security if you're using decent passwords, and SMS-based 2fa is no less secure than no 2fa yieldcrv 2 years ago just because SMS is vulnerable to SS7 attacks 1 reply →
mort96 2 years ago Why? 2fa doesn't meaningfully add security if you're using decent passwords, and SMS-based 2fa is no less secure than no 2fa yieldcrv 2 years ago just because SMS is vulnerable to SS7 attacks 1 reply →
I'm a bit confused how this is relevant. Authy is a OTP app, nothing to do with SMS.
Authy uses SMS based recovery of your entire account, a weaker link that a single service using SMS based OTP
You can always disable multi-device, so it can act like a regular OTP auth app.
and we should do product liability lawsuits on every service that only allows SMS based one time passwords, if they don't allow a client side only option
Why? 2fa doesn't meaningfully add security if you're using decent passwords, and SMS-based 2fa is no less secure than no 2fa
just because SMS is vulnerable to SS7 attacks
1 reply →