
I completely agree.

SMS 2FA is, at best, just adding a little hassle for the hacker. If it's not a targeted attack, there's a chance that the extra effort means they'll move on, but that won't stop any remotely determined hacker.




And isn't that true for most of the people? Still better than nothing, right?


I'm not sure it's better, at least not in all cases. If you can reset your password or log in without a password using SMS, and you had a strong password, it could be worse.


That would be a very incorrect implementation of 2FA. Wouldn't be surprised if some service works that way, but would def. be unfortunate.


Some services work in exactly this way; it's like using a magic link to log you into a website in the browser from an app on your phone/computer.


I agree it's def better than nothing. But I think most end users think 2FA SMS is the equivalent of hiring an armed security guard at your door, when it's really the equivalent of putting an ADT sign in your front lawn from Amazon.



