
Is this something that 2FA would protect against? Doesn't seem like it...


Correct, if it's 2FA with a phone number. Avoid 2FA with a phone number if possible and use any other method (OTP, YubiKeys, etc.)


Phone number is already a 2FA for regular logins in many services. The problem is their processes also allow it to be used in a 1FA reset scenario, so it's not true 2FA.


If a site uses the phone number as a 2FA, no it will not...


I'm not a security expert, but it would seem to make sense to have the password reset 2FA come to an account that your phone isn't attached to.



