Comment by yieldcrv
2 years ago
and we should do product liability lawsuits on every service that only allows SMS based one time passwords, if they don't allow a client side only option
2 years ago
and we should do product liability lawsuits on every service that only allows SMS based one time passwords, if they don't allow a client side only option
Why? 2fa doesn't meaningfully add security if you're using decent passwords, and SMS-based 2fa is no less secure than no 2fa
just because SMS is vulnerable to SS7 attacks
So you're saying no 2fa is more secure than SMS 2fa?