• surreptitiouswalk
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    It’s funny in a sad way that 2FA was supposed to be real secure but like all other security, the human element is the biggest weak point, and the custodians of it (telcos) are asleep behind the wheel.

    • shirro
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      2FA works. It is supposed to be something you know (password) and something you control (like a secure hardware key or app). The problem is people don’t control their phone numbers, the telcos do.

    • Zagorath
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It’s worth noting that 2FA is still a security improvement. Using SMS for 2FA doesn’t introduce any vulnerabilities compared to no 2FA. It’s just not nearly as good as doing 2FA using a TOTP app or dongle. Or using hardware security tokens like FIDO2.

        • Zagorath
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Sure, but that’s separate from 2FA and is pretty common even in places that don’t offer any 2FA.