
How hard is it to intercept SMS (two-factor authentication)? - vlr
https://security.stackexchange.com/questions/11493/how-hard-is-it-to-intercept-sms-two-factor-authentication
======
ggm
SMS is weak against state actors.

3G interception is not impossible but you have to ask yourself how many people
in which economies and why you suffer the attack.

SMS in some economies with poor process can be subverted by requesting the
mobile number be ported. This attack means they get your SMS message but also
have to drain your funds or conduct the attack by intent before you can
reverse the number port out or remove the 2FA via backup codes and redirect.

If you're being _targeted_ then I suspect the risks are worse. But as a
random threat? This feels below the noise threshold.

Overall SMS 2FA is better than simply using a password but worse than TOTP (in
my opinion).

