• ahriboy@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    3
    ·
    1 year ago

    And SMS messages can be intercepted. Not a good option, use physical security keys instead!

    • TWeaK@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Even authenticator apps are generally better than SMS.

      One thing no one talks about with SMS verifications, though, is that it frequently confirms your phone number to the business you’re giving it to. If they’re in the habit of trading user data, this makes the data much more valuable. I think this is the real reason for many businesses that push for it, when normally they could hardly care less about user security.

    • smeg
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Seriously, while 2FA via SMS is generally much better than nothing, it has zero security so might even make things worse in some cases by providing a false sense of security!

        • smeg
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          RCS isn’t SMS though, nobody mentioned RCS!

          • LoafyLemon@kbin.social
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            RCS is a replacement for SMS, used by the majority of mobile carriers in Europe, Northern America, and Asia. It is used by default in all supported regions.

            • smeg
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              I know what it is, but it’s got nothing to do with this discussion. What company provides 2FA codes via RCS instead of SMS?

                • smeg
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  ·
                  1 year ago

                  Do they? I’ve never seen this as an option. In fact, I’ve never even seen RCS mentioned anywhere outside Android enthusiast forums!

                  • LoafyLemon@kbin.social
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    edit-2
                    1 year ago

                    It’s not surprising if you haven’t come across the rollout of RCS. Google developed this feature as a replacement for the less secure SMS standards and aimed for a seamless implementation without causing user disruptions. This could be a rare instance where we commend Google for a change that benefits users, not just their bottom line.

    • LoafyLemon@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Only if you have the access to the same mast, otherwise no. This vastly reduces the number of attack vectors.