That would be a clever phishing technique if you know your target no longer owns... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

_jomo on Dec 23, 2017 | parent | context | favorite | on: I got locked out of my Google account for a month

That would be a clever phishing technique if you know your target no longer owns the number associated with an account.

kuschku on Dec 23, 2017 [–]

That's why it's so insane to consider it a safe 2FA source.

6 months. That's all it takes between the last time a user successfully used a phone number, and a new user getting assigned the same number with prepaid SIMs in Germany.

6 months is a damn short time.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact