Hacker News

TOTP is only better than SMS against SIM swapping, a rare threat. They are identical against phishing, an enormously more common problem. For a typical user the delta in security when transitioning from SMS to TOTP is minimal.



... or trivial number porting attacks like the one described in this exact article.

Depends on your threat model, but unlike SIM swapping this may not be out of the reach of even a mildly technical angry ex.


And a mildly technical angry ex is a lot less likely than phishing. These are valuable topics but people go way way way too far and say that SMS is horrible and should be basically banned while TOTP is fabulous and a completely viable alternative, which is just fantasy.


My protection against phishing is my password manager. If the site is fake, it won't find the password for it.
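The origin check that the last comment relies on, as an added example that is not part of the thread and is not any particular password manager's code. The `vault` contents, the `lookupCredential` and `autofillReport` names and all sample URLs are constructed, and matching on the exact origin is a simplifying assumption.

```javascript
// Constructed vault: each entry is keyed by the exact origin it was saved on.
const vault = new Map([
  ["https://accounts.example.com", { username: "alice", password: "constructed-secret" }],
]);

// Return the saved credential for the page being visited, or null when the
// page's origin is not one the credential was saved for.
function lookupCredential(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never autofill
  }
  if (url.protocol !== "https:") return null; // no autofill over plaintext HTTP
  // The URL parser lowercases the host, drops the default port and resolves
  // userinfo tricks, so the comparison is made on what the browser would
  // really connect to, not on what the address looks like to a person.
  return vault.get(url.origin) ?? null;
}

// Constructed sample addresses: the real site and several lookalikes.
const samples = [
  "https://accounts.example.com/login",            // the real site
  "https://ACCOUNTS.example.com:443/login",        // same origin after normalization
  "https://accounts.example.com.login.test/",      // real name used as a subdomain prefix
  "https://accounts.example.com@phish.test/login", // real name placed in the userinfo part
  "https://accounts.ex\u0430mple.com/login",       // Cyrillic "a" homograph
  "http://accounts.example.com/login",             // scheme downgrade
  "not a url",
];

// One row per sample: would the manager offer the saved password there?
function autofillReport() {
  return samples.map((u) => ({ url: u, autofill: lookupCredential(u) !== null }));
}

console.table(autofillReport());
```

A one-time code, whether it arrives by SMS or comes from a TOTP app, is typed in by the user and passes through no such lookup, which is why the thread treats the two as equivalent against phishing.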



