How does 1P relate to "SIM crime"?

WFA
WFA
Community Member

"Mobile carriers give control of our numbers to hackers, who can then drain our bank accounts in minutes."

https://www.nbcbayarea.com/news/local/Mans-1M-Life-Savings-Stolen


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @WFA!

    Unfortunately I get a "Page not Found" error when I try to follow that link. But I can tell you that 1Password does not need phone functionality to work, so I am not sure any attack of this type makes sense for 1Password.

  • Ben
    Ben
    edited April 2019

    Hi @WFA,

    Thanks for the updated link.

    The 1Password membership service does not use SMS for any sort of authentication so blunders like this by cell carriers wouldn't have any impact on 1Password. We don't recommend using SMS based authentication for any service that you're using. If given the choice TOTP would be the better option, and 1Password can be used as a TOTP authenticator:

    Use 1Password as an authenticator for sites with two-factor authentication

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • Update: an earlier version of the post above was mistakenly missing the word "don't." To be clear: we do not recommend SMS for authentication.

    Ben

  • WFA
    WFA
    Community Member

    Thank you for that correction, Ben.

  • You're very welcome. I'm glad my colleague @rudy spotted it for me. We do have some other posts about how SMS has been problematic in this regard, dating as far back as 2016ish:

    https://discussions.agilebits.com/discussion/65775/is-otp-more-secure-than-sms-code

    Ben

  • WFA
    WFA
    Community Member

    I checked a couple of financial institutions and found only SMS authentication, and no QR codes.

    1P's TOTP approach appears a bit daunting anyhow.

  • I checked a couple of financial institutions and found only SMS authentication, and no QR codes.

    That's unfortunate.

    1P's TOTP approach appears a bit daunting anyhow.

    It's pretty simple. You just scan the QR code the website gives you using 1Password and then 1Password generates the TOTP codes for you. :)

    Ben

This discussion has been closed.