Briefly: look into sim swapping, which is the most obvious, day to day risk.
Then there’s SS7 and how inherently trusting the whole system is.
Then depending on where you are, some mobile networks still have terrible link encryption (were talking so bad a normal laptop is enough these days to break it on the fly). Granted, this is rare these days, in part thanks to the efforts of Karsten Knohl, SRLabs and other security researchers who did a lot to shine a light on this and SS7
Not sure how up to date it still is, but https://gsmmap.srlabs.de/ shows how unequal networks are.
ILikeBoobies@lemmy.ca 1 day ago
A big feature of sms is that it’s not encrypted. Every tower that recieves the message is trusted to forward it unaltered. This is one attack avenue.
www.helpnetsecurity.com/2020/11/…/sms-voice-mfa/
Things like the following are generally recommended though Microsoft recommends using their app. www.yubico.com
Hawke@lemmy.world 1 day ago
Okay that makes sense. Yes sms is insecure, not 2fa.