> I saw mentions that SMS is insecure, but I never heard about a credible remote attack that didn't include provider cooperation or taking over your phone.
Technically correct, but how likely those attacks are seems to depend on the country. While I'm not aware of this being an issue in any EU country, sim swapping is a common thereat at least in the USA. Yes, American providers really need to improve the security of their procedures, but this means that in the current situation the security of any authentication flow based on SMS heavily depends on which country the user is located.
Technically correct, but how likely those attacks are seems to depend on the country. While I'm not aware of this being an issue in any EU country, sim swapping is a common thereat at least in the USA. Yes, American providers really need to improve the security of their procedures, but this means that in the current situation the security of any authentication flow based on SMS heavily depends on which country the user is located.