|
|
|
|
|
|
by lowcodetv
2053 days ago
|
|
|
I believe I (+ the paper) addressed counterarguments 1-3, so agree to disagree. But... > Also from a theoritical point of view: it's a completely different communication channel, so if someone has somehow taken over the first channel (via some malware running on the email client/computer), then they still need to take over second channel. ...is a very good point. Although, (without any data to back up this claim), I would think most users with a compromised device have a fully compromised device. Edit: > Hoping for security by obscurity (i.e. the 2nd email is now a "secret") isn't great. To clarify, that's not exactly the point. If the attacker discovers the value for the phone number or 2nd email (through a data breach), then it becomes targeted, which brings us back to the security of SMS vs email (the parent article). |
|
|