undefined | Better HN

0 pointsagumonkey4y ago0 comments

I don't know about you, but in the days of smartphones, login + mail + sms seems pointless. The only lock is the pin code / fingerprint on your phone, since when that is unlocked, the attacker gets to trigger all validation steps.

0 comments

opheliate4y ago

The important part is having physical access to the phone. A targeted attack against you now requires a physical element, rather than being entirely online.

willvarfar4y ago

Agree with everything you say, but add to that a lot of sms 2fa exploits are sim or redirection attacks. It’s possible to get access to a phone number without access to the phone.

Here’s an old story of a friend who had a weird talk with someone who had redirected their phone:

https://williame.github.io/post/24949768311.html

danuker4y ago

Assuming the phone is not remotely exploited.

j / k navigate · click thread line to collapse