Thread replies: 17
Thread images: 1
Thread images: 1
File: sms-two-factor-authentication.png (41KB, 728x380px) Image search:
[Google]
41KB, 728x380px
since two-factor authentication is not recommended anymore how do you protect your accounts?
>>
>>60342721
why is it suddenly dead?
>>
>>60342721
Not recommended by who?
>>
>>60342721
tell me why i need two factor authentication
>>
>>60342744
Because it's suddenly a common knowledge you can spoof ss7 packets to intercept SMS.
>>
>>60342744
>>60342751
>>60342764
in January, attackers exploited well-known SS7 weaknesses to bypass two-factor authentication banks used to prevent unauthorized withdrawals from online accounts. After first using traditional Banking Trojan implants to perform the first stage of account compromise, and learning the account balances, they then selectively compromised the SS7 system to redirect the text messages banks used to send one-time passwords. Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers. The attackers then used the mobile transaction authentication numbers to transfer money out of the accounts.
>>
Carrier pigeons and smoke signals.
>>
2FA is not limited to SMS, you dum
>>
>>60342788
So for this to be effective the malicious party needs to first infect a bank with a trojan; that surely cant be too easy. otherwise theyre just taking a random shot in the dark
>>
>>60342764
2fa can be done with a lot more than sms..email(which is usually stupid if you can reset your password with the same email account), apps on your phone (steam for example), physical devices like rsa keyfobs and ubikeys. I think blizzard has a ohysical rsa like device you can order.
>>
>>60342850
yes, but most banks use SMS 2FA only and that's a huge security risk
>>
>>60342896
Doesn't mean you shouldn't enable it. Anyone know if chase has a 2fa app instead of SMS? My credit union doesn't have any 2fa at all lol.
>>
>>60342806
This my bank's method include taking a selfie in order to generate a qr code
>>
That's funny. I still have a paper list of numbers, and for every payment I'm asked for a specific number. My bank has been pushing SMS verification lately, meaning they'd text the number instead. When did the possession-factor in MFA change from "something you have" into "something we send you"?
>>
>>60342721
SMS 2FA has always been shit, telecomm providers are niggers and will give your number to anyone who pretends they're you
You do TOPT 2FA, and keep your shit safe just like you would with your passwords, or >>60343886
>>60342896
Most banks have shit security, there was this small bank in the US that was susceptible to heartbleed for weeks
>>
>not using a card reader for banking 2fa
>not using a dedicated secure app such as Authy for other 2fa
Why do people do this?
>>
>>60344944
people do all kind of stupid shit. most people don't even use 2fa unless forced on them
Thread posts: 17
Thread images: 1
Thread images: 1