Y
Hacker News
new
|
ask
|
show
|
jobs
by
ahelwer
2950 days ago
Because SMS is used in password-recovery workflows, meaning it isn't a second factor at all - it's a single, easily-breakable factor.
2 comments
jeromegv
2950 days ago
Except your bank already has your phone number. If phone was already part of the recovery process, it didn’t make it any less safe by enabling 2FA SMS
link
kevin_nisbet
2950 days ago
This only happens if SMS get's used in the password-recovery workflow. I don't think there is evidence that TD is using SMS to replace password reset.
So I really don't see how this makes security worse.
link