
>in some countries, that legally requires a passport/national ID tied to the phone number

Isn't that BETTER compared to anybody getting a phone number and using it to hack into your 2FA account?

>-Offers no means of backup*

That has nothing to do with SMS for 2FA. There are websites using SMS for 2FA that DO offer a backup way to authenticate in case you have an issue with your phone.

- Forgot to disable 2FA on that one account you log into once a year, before changing your phone number? Have fun with that.




> Isn't that BETTER compared to anybody getting a phone number and using it to hack into your 2FA account?

Huh? Are we talking about the same thing?

> There are websites using SMS for 2FA that DO offer a backup way to authenticate in case you have an issue with your phone.

A backup is not the same thing as a master key (even if we call those "backup codes"). I'll grant you that those are usually enough.


>Huh? Are we talking about the same thing?

What I'm saying is that a potential attacker who might divert PINs to their mobile phone would at least have to be registered to get that phone account in the first place.



