Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
deegles
on July 4, 2024
|
parent
|
context
|
favorite
| on:
Twilio confirms data breach after hackers leak 33M...
I have removed all SMS based 2FA from every account that allows it and you should too.
selbyk
on July 4, 2024
|
next
[–]
I'm a bit confused how this is relevant. Authy is a OTP app, nothing to do with SMS.
yieldcrv
on July 4, 2024
|
parent
|
next
[–]
Authy uses SMS based recovery of your entire account, a weaker link that a single service using SMS based OTP
ingatorp
on July 4, 2024
|
root
|
parent
|
next
[–]
You can always disable multi-device, so it can act like a regular OTP auth app.
yieldcrv
on July 4, 2024
|
prev
[–]
and we should do product liability lawsuits on every service that only allows SMS based one time passwords, if they don't allow a client side only option
mort96
on July 4, 2024
|
parent
[–]
Why? 2fa doesn't meaningfully add security if you're using decent passwords, and SMS-based 2fa is no less secure than no 2fa
yieldcrv
on July 5, 2024
|
root
|
parent
[–]
just because SMS is vulnerable to SS7 attacks
mort96
on July 6, 2024
|
root
|
parent
[–]
So you're saying no 2fa is more secure than SMS 2fa?
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
