Is 2FA via SMS on the way out?
There is a 9to5 Mac article which suggests that Apple and others will prevent SMS 2 Factor Authentications.
9to5mac.com/2016/07/26/sms-too-insecure-for-2fa/
What does Agilebits think of this?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
It's a good thing since SMS itself is an insecure channel.
Also, it's not that Apple will prevent them, they would be complying with the standard to not use SMS for this authentication method, which is the right thing to do.
0 -
There are some folks that resist the Internet and technology altogether as well. ;)
Ben
0 -
And there are issues if one is travelling.
I like in England and my non-smart cell phone is not used when I am in the USA
0 -
Many people can't even get SMS messages when they travel internationally, since they either don't have a cellular plan that allows them to receive SMS messages internationally or they buy a SIM card in the country where they are traveling… and that has a completely different phone number.
0 -
Potentially relavent:
Linus Media Group had an issue where the founder's cell provider was compromised (social engineering?) and they created an unauthorized party a SIM for Linus' account (so that the unauthorized party started getting all of his calls / texts, and he stopped getting them).
Ben
0 -
On behalf of Ben and the rest of us here, you are quite welcome! :)
It's always enlightening to chat about these sorts of things.
0 -
I have a great video too about this happening to another persons account, BUT it has some borderline language. I would message the video to somewhere to check it out, but yeah... I can't message people...
Anyways, I added a 4-8 digit PIN to my cell account. No one can make any changes to my cell account unless they give the cell phone provider my PIN. I suggest everyone do this.
0 -
Ok, @khad here it is. Basically saying as the video above, and shows how they did it too. Warning, some profanity in this video.
0 -
Hi
Any thoughts on dual SIM phones? There are Microsoft and Android versions. I may pick one up, Lumia 640, while stocks last. The 650 updated version is impossible to find.
0 -
I would love a dual SIM phone. Unfortunately, I rely too heavily on iOS and apps that are only available for iOS to use a non-Apple phone. I can dream of one day having a dual-SIM iPhone, but I'm probably just dreaming… :)
0 -
Agreed; dual SIM sounds awesome but I'm pretty well embedded in the Apple ecosystem. I've tried Android, and I have used Windows for years (still do), but iOS & Mac are my go-to and I don't see that changing in the near future.
Ben
0 -
I am having this odd issue where the Apple 2FA refuses to appear on my designated iPad. I'm currently using Windows 7, not OS X El Capitan. Because I repeatedly hit resend new code, I've now exceeded the number of retries. I haven't used the recovery key, which will work.
I've tried again after a short duration and the 2FA now works when it should have been immediate?
0 -
The point of the matter is, Ben, is that 2FA isn't perfect and can have hiccups, like what I've experienced when the code isn't delivered timely.
0 -
I'd agree, when it comes to 2FA via SMS.
Ben
0 -
To all who replied,
Thanks for putting things is perspective, how true! :-)
0 -
There have been other options, though probably more inconvenient, like a hardware based OTP device. I don't have any to try but it is supposedly more secure than plain old SMS. An inconvenience is that if each vendor requires one device each, then you will end up with one device for Citibank, one device for RSA, etc, etc. :(
0
https://youtu.be/LlcAHkjbARs
https://youtu.be/caVEiitI2vg