by buro9 1055 days ago
Email is better still.

At worst it's no worse than SMS, but at best it's at least secure in transport and effectively free.

The downside to email is primarily that data is not a roaming perk for many. But if it's to access an app then a reasonable assumption of internet access even if not on the mobile is valid.

2 comments

The other two downsides are: Some people may choose not to have their email account on the phone. Personally I don't want to carry around access to my main email at all times (the same goes for access to my main bank account, BTW.)

Also, email delivery sometimes takes a very long time, it can be minutes, if you rely on email forwarding to protect your main email address.

Auth apps are better for 2FA, at least for me.

If it weren't for SMS 2FA, I wouldn't carry around my "phone" number on my phone. I'd just use data-only SIM cards.

Email is absolutely worse than SMS.

In what way is email worse than SMS?

First of all it's not two factor. Which is the entire point of two factor authentication. Just do a little bit of thinking on this, you'll get it.

How is SMS two factor when email is not?

Separate from that, it is not productive for you to tell me to think about it more -- for all you know I've implemented two factor authentication in various forms for decades (from OPIE when I worked at NRL to Smartcards within DOD to Passkeys currently). What would be more productive is to get more insight into what you're thinking.

If you have access to somebody's email you can just click reset password and then click the "2FA" in their email and then you have access to their account.

Does that happen with SMS? Hmm...

The same situation seems to be true of SMS, if you have gained access to their account then you can use that to perform 2FA as well. In this situation, it doesn't seem to be significantly different in terms of security.

To answer your question on whether or not people access other people's SMS accounts -- yes! That's one reason it's not recommended any longer. Additionally, there's often less security possible for one's SMS account versus one's email account.