by Normille 1324 days ago
This is a bit vague, as I can't remember which site it was. I think either eBay or PayPal. But...

a while back I visited one of those 'send a 2FA code to you via SMS' websites and, not noticing the SMS bit, I entered a 2FA code from my phone's authenticator app as the number I'd been sent by SMS --which worked to let me in.

When the actual SMS 2FA code arrived on my phone a few mins later [crap phone signal here] I noticed it was the same code. So it seems like at least one site is just forwarding you the same code your authenticator app would generate, as an SMS. I'm not sure of the security implications of that --if any.

I've also noticed that, quite often when I check various bank and credit card accounts, one after the other, the 'please enter the Xth, Xth, Xth and Xth numbers from your security code' prompt is asking for the same numbers, on each bank's site. Which strongly suggests a load of separate banks are using the same centralised security prompt generation --which sounds like a bad case of 'single point of failure' to me.

1 comments
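Added example, not from the post or from any site it mentions: a small model of the two server designs the observation above distinguishes. Design A derives the "SMS code" from the same RFC 6238 TOTP secret the authenticator app holds, so the code texted to the phone is exactly what the app would show; design B issues an independent random code stored hashed with an expiry and single use. `DEMO_SECRET` is the public RFC 6238 test-vector seed, and all function names are assumptions for this illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo secret (the RFC 6238 test-vector seed), not a real credential.
DEMO_SECRET = b"12345678901234567890"


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the value an authenticator app shows at time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret: bytes, submitted: str, at: int, skew: int = 1) -> bool:
    """Accept the current 30 s step or one step either side (clock drift)."""
    return any(hmac.compare_digest(totp(secret, at + d * 30), submitted)
               for d in range(-skew, skew + 1))


# Design A (what the post observed): the "SMS code" is simply the TOTP value,
# so anyone who reads the SMS also knows the authenticator's current output.
def sms_code_coupled(secret: bytes, at: int) -> str:
    return totp(secret, at)


# Design B: the SMS code is an independent random one-time value; the server
# keeps only its hash plus an expiry, and marks it used on first acceptance.
def issue_sms_code(at: int, ttl: int = 300) -> tuple[str, dict]:
    code = f"{secrets.randbelow(10 ** 6):06d}"
    record = {"hash": hashlib.sha256(code.encode()).hexdigest(),
              "expires": at + ttl, "used": False}
    return code, record


def verify_sms_code(record: dict, submitted: str, at: int) -> bool:
    if record["used"] or at > record["expires"]:
        return False
    digest = hashlib.sha256(submitted.encode()).hexdigest()
    ok = hmac.compare_digest(digest, record["hash"])
    if ok:
        record["used"] = True  # single use: a replayed SMS code is rejected
    return ok
```

With design A the SMS and the app code are interchangeable, which is why the app's code was accepted on an SMS prompt; with design B knowing one channel's code tells you nothing about the other.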

The problem is SMS can be sniffed / MITM attacks.