Hacker News new | ask | show | jobs
by diabeetusman 2147 days ago
2FA with SMS protects against password reuse or leaks. It's my understanding that SMS is weak against attacks targeted at particular people while being sufficiently strong for the majority of cases.
1 comments
thephyber 2147 days ago
SS7 attacks scale better. SIM cloning is a lot of effort just to compromise a single SMS number.

In general, SMS is better than no 2FA, but it's weaker than OTP/OTH or a token like YubiKey or Titan.

link