|
|
|
|
|
|
by BoppreH
3338 days ago
|
|
|
Seems vulnerable to phishing. The attacker already uses phishing to get account number, password and phone number; now they just have to send a fake 2Factor message and observe how the number is translated. Even if the function is lossy, it has very little entropy. Maybe even vulnerable to brute forcing... I agree with the other poster, Google Authenticator looks like a better solution. |
|
|