by kevincox
808 days ago
Yes. SMS is completely about raising the insecure people to some base level of difficulty to compromise. This is often at the cost of more secure individuals. The problem is that you can't force users to use a decently strong unique password. You can force them to set up SMS 2FA (with very minor exceptions of people without SMS access). Moving the base bar from credential stuffing to SIM swapping is a huge upgrade for big services.
Unique is the key word. You can certainly force users to use a decently strong password, but not keep them from using the same password at every other website.