Comment

Comment on MFA

cooopsspace@infosec.pub ⁨9⁩ ⁨months⁩ ago

SMS: Here is your 30s “MFA” code, I’ll send it to you 40 minutes after you need it.

source

Sort:hotnew top

KairuByte@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
SMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.

source
- Opisek@lemmy.world ⁨9⁩ ⁨months⁩ ago
  What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?
  
  source
  - KairuByte@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
    I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.
    
    source
  - lorkano@lemmy.world ⁨9⁩ ⁨months⁩ ago
    Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.
    
    source
JasonDJ@lemmy.zip ⁨9⁩ ⁨months⁩ ago
Dude.

My wife’s phone started acting up the other day. It would keep losing cell service and even when it showed a signal, it still would only work on wifi.

That happened a few hours after I ported my phone number (on the same family plan) to another carrier. So naturally, I thought the issue was with the carrier.

Since I planned on porting her number out to my new carrier anyway, I didn’t want to troubleshoot.

Well, get to the new carrier and it’s still not working. Go through the whole process of resetting network settings, and then eventually deleting the esim.

New carrier, though, needs you to receive a text message before they send the esim.

Naturally, with the esim deleted, it couldn’t receive text messages.

source
datelmd5sum@lemmy.world ⁨9⁩ ⁨months⁩ ago
I’ve heard people in the US still use SMS to communicate with eachother. Fucking crazy.

source
- Crashumbc@lemmy.world ⁨9⁩ ⁨months⁩ ago
  Inertia and ease of use are powerful.
  
  SMS “just works” and works for everyone here.
  
  While I would like the new fancy features. At least RCS is bringing some and is seamlessly integrated.
  
  Bonus I have 10+ years of txt history and can scroll/search to find something.
  
  source
  - mexicancartel@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
    Sms just works everywhere though
    
    source
- JasonDJ@lemmy.zip ⁨9⁩ ⁨months⁩ ago
  Only when iPhone users need to send a message to literally anyone else.
  
  source
- Swedneck@discuss.tchncs.de ⁨9⁩ ⁨months⁩ ago
  uhhh that’s not some unique american thing lol, that’s how people here in sweden communicate too
  
  Barely anyone cares what specific protocol is being used, they just care about what app they have to use and who they can reach, and if anyone isn’t using a normal sms app they’re generally using facebook messenger or imessages both of which support sms fallback and thus their users don’t even know there’s a difference half the time.
  
  source
- rickyrigatoni@lemm.ee ⁨9⁩ ⁨months⁩ ago
  why not
  
  source
  - datelmd5sum@lemmy.world ⁨9⁩ ⁨months⁩ ago
    Can you for example send a video, encrypted and to your computer via SMS? I don’t know how much tech they’ve built over the protocol over in the US, but in many parts of the world SMS was charged per message in your phone bill and things like photos or video cost more to send. People abandoned SMS quickly when 3rd party IP messaging apps like whatsapp came out.
    
    source
    rickyrigatoni@lemm.ee ⁨9⁩ ⁨months⁩ ago
    i think most people have unlimited texting and data in america, the greatest country.
    
    source
    -> View More Comments
    ParetoOptimalDev@lemmy.today ⁨9⁩ ⁨months⁩ ago
    I wouldn’t count on your encrypted WhatsApp video actually being secure.
    
    Use signal for that.
    
    source
- jnk@sh.itjust.works ⁨9⁩ ⁨months⁩ ago
  Blame apple for that. IPhone has this proprietary messaging app pre-installed which is probably super convinient for the ecosystem but uses some obsolete SMS protocol to communicate with android phones. I think recently this has gotten better, but only because beeper and the EU pressing on them
  
  source
MeanEYE@lemmy.world ⁨9⁩ ⁨months⁩ ago
SMS is good enough. Sure it’s not as authenticator or some other MFA method, but it’s good enough. Chances of my random account hiding something worth subverting cell operator to get the SMS and my password, are slim to none. At that point don’t upload anything worth that much.

source
Crashumbc@lemmy.world ⁨9⁩ ⁨months⁩ ago
Buy a real phone service. I don’t ever remember missing a code.

source
- cooopsspace@infosec.pub ⁨9⁩ ⁨months⁩ ago
  It’s overwhelmingly whatever provider they use for SMS, or some sort of anti spam checking.
  
  My phone has reception the whole time.
  
  source