Hacker News new | past | comments | ask | show | jobs | submit login

Encryption is worthless without properly enforcing it. How easy is it to trick your victim's bank into granting you access with a SIM swap? We need 2FA everywhere and stop relying on SMS for authentication.



I agree that we need 2FA and that we shouldn't rely on SMS. That said, saying encryption is worthless because other threat vectors exist is a bit hyperbolic. Security is all about defense in layers. There's several orders of magnitude difference in the difficulty of performing a SIM swap attack vs sucking up passwords on coffee shop wifi.


It's not worthless. It shrinks the attack surface and makes attacks more costly to execute. There's always an arms race though :P


All banks should adopt U2F and hopefully sooner than later :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: