by UncleMeat 1924 days ago
TOTP is only better than SMS against SIM swapping, a rare threat. They are identical against phishing, an enormously more common problem. For a typical user the delta in security when transitioning from SMS to TOTP is minimal.
2 comments

... or trivial number porting attacks like the one described in this exact article.

Depends on your threat model, but unlike SIM swapping this may not be out of the reach of even a mildly technical angry ex.

And a mildly technical angry ex is a lot less likely than phishing. These are valuable topics but people go way way way too far and say that SMS is horrible and should be basically banned while TOTP is fabulous and a completely viable alternative, which is just fantasy.
My protection against phishing is my password manager. If the site is fake, it won't find the password for it.
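Added example, not part of the thread: a sketch contrasting the two properties discussed above. An RFC 6238 TOTP code is computed from the shared secret and the clock only, so nothing in it identifies the site it was typed into, while a password manager looks credentials up by origin. The `Vault` class and its exact-origin matching rule are hypothetical simplifications; the hostnames and credentials are constructed.

```python
import hashlib
import hmac
import struct
from urllib.parse import urlsplit


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1. Inputs: shared secret and time, no origin."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(secret: bytes, submitted: str, unix_time: int) -> bool:
    """Server-side check: it sees only the digits, not where the user typed them."""
    return hmac.compare_digest(totp(secret, unix_time), submitted)


class Vault:
    """Hypothetical password manager that autofills on exact origin match only."""

    _DEFAULT_PORTS = {"https": 443, "http": 80}

    def __init__(self) -> None:
        self._entries = {}

    def _origin(self, url: str):
        parts = urlsplit(url)
        port = parts.port or self._DEFAULT_PORTS.get(parts.scheme)
        return (parts.scheme, parts.hostname, port)

    def save(self, url: str, username: str, password: str) -> None:
        self._entries[self._origin(url)] = (username, password)

    def autofill(self, url: str):
        # Returns None when the page's origin was never saved.
        return self._entries.get(self._origin(url))


if __name__ == "__main__":
    vault = Vault()
    vault.save("https://example.com/login", "alice", "constructed-password")
    print(vault.autofill("https://example.com/account"))             # saved origin
    print(vault.autofill("https://example.com.login.invalid/signin"))  # lookalike: None
    secret = b"12345678901234567890"  # RFC 6238 test secret
    print(server_accepts(secret, totp(secret, 59), 59))  # True wherever it was typed
```

The refusal to autofill on the lookalike host is the signal the last comment relies on; phishing-resistant authenticators such as WebAuthn move that origin check into the protocol itself.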