
I read a blog where someone got hacked through a SIM card clone, and they went into the details of how easy it was to do. This prompted me to enable 2FA on everything I could, but the funny thing is, a lot of the backup options for 2FA are -- you guessed it -- your cell phone number. Some of them don't even allow you not to use your cell phone as a backup. I think GitHub and Slack are like this, but I may be wrong, it has been a while since I turned them on.



The most important thing is: DON'T use your telco phone number in any of your sensitive accounts. Replace that phone number with a secure phone number: the article recommends using Google Voice, since this can't be compromised in the same way that a telco phone # can be.


With GitHub the SMS backup option is just a secondary choice, not required.

A YubiKey or similar device or just storing the recovery codes + using an app is the best route in that one.



