Hacker News new | past | comments | ask | show | jobs | submit login

You're missing the biggest vulnerability. SMS means you're tied to a phone company, which has a tech support line staffed with people who's main job is keeping their call times down. It's shockingly easy to socially engineer them into sending a copy of your SIM to some random address and completely defeat the 2FA on your system.

And once they have your texts, getting a CSR to reset the password on all of your important accounts is super easy. By far the biggest security vulnerability on major services is the customer support representatives.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact