Yet another example of why SMS is terrible for 2fa and account ... • Aaron Parecki

Yet another example of why SMS is terrible for 2fa and account recovery.

"the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable"

https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/

Chicago, Illinois, USA • 39°F

#security #sms #2fa

Fri, Nov 16, 2018 3:23pm -06:00

7 likes 9 reposts 2 replies
Have you written a response to this? Let me know the URL:
- sander micro.blog/sander
  
  @aaronpk had to make the case against sms 2fa this week but nowadays a simple websearch for the phrase returns mostly negative articles so it was easier than expected.
  
  Sat, Nov 17, 2018 9:36am +00:00
- Christopher Lemmer Webber octodon.social/@cwebber
  
  @aaronpk You and I have had some conversation recently about the degree to when we do and don't want to use bearer token systems (I think we're both for them in some cases/ways and wary in others? but the division seems unclear), and the frequency of DB leaks may also be a good indicator in some places
  
  Fri, Nov 16, 2018 9:26pm +00:00

Posted in /notes using quill.p3k.io