🏒 Lucian Marin If they add a first factor (4-digit PIN code) and this second factor (cnet.com/news/yaho...), then we won't have to remember a password ever again. The PIN code is a weak link, but doesn't do much without your phone. Your phone is a weak link, but you won't get the SMS without the PIN code. Chained together they're almost stupid and fail proof.
Martijn SMS is a very open protocol, and actually isn't treated as safe by many security researchers. If they know your phone number and guess the 4-digit PIN, chances are you can be cracked. Not to say multi-factor authentication isn't the way forward, it totally is! Google Authenticator might be a solution, while we keep waiting for FIDO.
🏒 Lucian Marin It depends on implementation. Generated code sent as SMS can be time sensitive (30 mins availability window), based on your location, IP or other specific data. So, even if someone knows the PIN code, they have to own your phone too. Also, there should be a quick way to disable the account if someone has access to both.
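
Added example, not part of the thread above: a server-side check for the scheme the posts discuss, with a PIN as first factor, a time-limited single-use SMS code as second factor, and a failure limit that disables the account. The `Account` class, the 6-digit code length and the limit of 5 failures are assumptions; the 30-minute window is the one mentioned in the thread.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 30 * 60      # the 30-minute window mentioned in the thread
MAX_FAILURES = 5        # assumed limit; a 4-digit PIN has only 10,000 values


class Account:
    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = self._hash(pin)
        self.code_hash = None     # hash of the pending SMS code, if any
        self.expires_at = 0.0
        self.failures = 0
        self.disabled = False

    def _hash(self, value: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", value.encode(), self.salt, 100_000)

    def issue_code(self, now: float) -> str:
        """Create a fresh 6-digit code; the caller would send it by SMS."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.code_hash = self._hash(code)
        self.expires_at = now + CODE_TTL
        return code

    def verify(self, pin: str, code: str, now: float) -> str:
        if self.disabled:
            return "disabled"
        if self.code_hash is None or now > self.expires_at:
            self.code_hash = None
            return "expired"
        # Evaluate both factors before deciding, so the result does not
        # reveal which of the two was wrong.
        pin_ok = hmac.compare_digest(self._hash(pin), self.pin_hash)
        code_ok = hmac.compare_digest(self._hash(code), self.code_hash)
        if pin_ok and code_ok:
            self.code_hash = None     # single use
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.disabled = True      # locked until the owner recovers it
            self.code_hash = None
        return "denied"
```

The failure counter is what keeps the 10,000-value PIN space from being searched by someone who can read the SMS; without it the PIN adds little.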
