[dyauspitr]

It’s kind of nuts, with one of those SS7 tickets you could easily use a bot to drain 1000s of bank accounts an hour based on the 2FA vulnerabilities.

[IshKebab]

How? It's 2FA not 1FA. I have yet to use an authentication system that only required and SMS code.

[meowster]

Lots of authentication systems use an SMS code to reset your password, thereby essentially becoming 1FA.

[IshKebab]

Can you give an example? I don't think I've ever seen that, especially not from a bank!

[meowster]

Banks usually have information they can ask like Social Secuirty Number (which is inevitably in some leak).

eBay is the first one that comes to mind. I know I've run into it a couple of other times where a website will just offer to text you a code, but usually there is a small link you can click that says "use my password instead".

Facebook and Amazon don't have my cell phone number, but I bet they have an option.

I don't usually try to reset my passwords since I use a password manager, so it's probably more common than that.