by GhostVII
2405 days ago
I think it's fine because in order for someone to hack me if I have true 2FA authentication with SMS, they would have to both get my password and do some kind of social engineering attack to get access to my messages. If you have a secure password already, that is probably good enough security for the vast majority of people. Just because the second factor can be compromised, doesn't make it useless. Pretty much any security mechanism can be breached, it's all about increasing the difficulty of an attack until it matches the value of what you are trying to protect. SMS 2FA protects you against untargeted attacks like credential stuffing, which is probably sufficient for 95% of people.

You must have not followed any SIM-jacking story, which is the point of this entire thread.
1. They don’t need your password because their goal is a password reset through your recovery phone, or recovery email address “secured” by a recovery phone.
2. They do social engineering on telecom employees (or outright buy them out for a pittance) to not only get access to your messages, but take over your entire link to your cellular network. You’re not involved in any of this.
TL;DR: the second factor makes you less secure, not more. It’s a downgrade from a secure password. It makes you defenseless.