|
|
|
|
|
|
by robbya
2355 days ago
|
|
|
> Imagine someone in a domestic abuse situation Depending on how abusive you are thinking, that sounds like rubber hose cryptanalysis. That's a hugely powerful approach and I think all 2FA can be bypassed with that, if not most of modern cryptography. https://en.m.wikipedia.org/wiki/Rubber-hose_cryptanalysis > having their phone taken Keep in mind that other 2FA methods also are phone based, like TOTP / Google Authenticator. Those also fail if your unlocked phone is taken. SMS is even weaker than those, but still better as a second factor versus nothing. |
|
|
If somebody has your phone, a physical address associated with you, and some basic biographical information, they can continue recovering access to your accounts in a way which is difficult to escape, especially because of the misplaced trust in using phone numbers for security.
The threat in that situation is being vulnerable and having to digitally escape as well as physically escape, and if you don't do both simultaneously you can be continuously compromised in a way which is very difficult to succeed.