nanog mailing list archives
Re: Malicious SS7 activity and why SMS should never by used for 2FA
From: Mark Tinka <mark@tinka.africa>
Date: Mon, 19 Apr 2021 14:53:17 +0200
On 4/19/21 14:47, Mel Beckman wrote:
Then they can buy a hardware token. Using SMS is provably insecure, and for people being spear-phished (a much more common occurrence now that so much net worth data has been breached), a huge risk
Most regular folk (especially those that may not have smartphones) who have the option of SMS or a key fob will end up using SMS because it does not cause them to spend time standing in a queue in a building to give up cash.
Their belief that SMS is secure (enough) has nothing to do with whether it actually is. It's all about convenience, and how much they can get done without speaking to human.
If a key fob can be sent to them - preferably for free - that would help. Mark.
Current thread:
- Re: Malicious SS7 activity and why SMS should never by used for 2FA, (continued)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 17)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Dan Hollis (Apr 17)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA John Adams (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA William Herrin (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA John Adams (Apr 18)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 17)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA William Herrin (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA John Adams (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA John Levine (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mike (Apr 20)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 20)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mark Tinka (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Mel Beckman (Apr 19)
- Re: Malicious SS7 activity and why SMS should never by used for 2FA Tom Beecher (Apr 19)