Hacker News new | past | comments | ask | show | jobs | submit login

2FA with SMS protects against password reuse or leaks. It's my understanding that SMS is weak against attacks targeted at particular people while being sufficiently strong for the majority of cases.



SS7 attacks scale better. SIM cloning is a lot of effort just to compromise a single SMS number.

In general, SMS is better than no 2FA, but it's weaker than OTP/OTH or a token like YubiKey or Titan.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: