
I don't think you understood my comment. SMS is not something "you have". You have your phone, the SMS is sent (presumably from Namecheap, or from a third-party service) through the network and arrives at your phone.

This means at any point between the sender and your phone anyone who has access can know what your "two factor" code is.

If you use true TOTP, i.e. Google Authenticator, then the code is generated via a secret key that lives on your phone, and nothing ever leaves your phone besides printing to screen and showing it to you when you need to log in.

Therefore, SMS "two factor" is not only costly and annoying, but ineffective.

Can I get my upvote back?




> This means at any point between the sender and your phone anyone who has access can know what your "two factor" code is.

And they don't have your account credentials; that's the other half of the two-factor approach.



