<div dir="ltr">Given the SMS 2FA vs. standard password, it seems foolish to NOT use the SMS 2FA. There's no such thing as absolute security. SMS 2FA is more secure than the current alternatives. <div><br></div><div>What am I missing?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 27, 2016 at 12:13 AM, der.hans <span dir="ltr"><<a href="mailto:PLUGd@lufthans.com" target="_blank">PLUGd@lufthans.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">moin moin,<br>
<br>
I've been recommending for years that web sites should not be given your<br>
phone number for 2 factor authentication. First of all, they don't need<br>
your phone number :). Secondly, it's not secure.<br>
<br>
Now the NIST agrees.<br>
<br>
<a href="https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=sfgplus&sr_share=googleplus&%3Fncid=sfgplus" rel="noreferrer" target="_blank">https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=sfgplus&sr_share=googleplus&%3Fncid=sfgplus</a><br>
<br>
See also the following.<br>
<br>
<a href="https://danielpocock.com/how-many-mobile-phone-accounts-will-be-hijacked-this-summer" rel="noreferrer" target="_blank">https://danielpocock.com/how-many-mobile-phone-accounts-will-be-hijacked-this-summer</a><br>
<br>
If you're setting up a service to use 2FA, please do not include SMS as<br>
one of the options.<br>
<br>
ciao,<br>
<br>
der.hans<span class="HOEnZb"><font color="#888888"><br>
-- <br>
#  <a href="http://www.LuftHans.com/" rel="noreferrer" target="_blank">http://www.LuftHans.com/</a>        <a href="http://www.PhxLinux.org/" rel="noreferrer" target="_blank">http://www.PhxLinux.org/</a><br>
#  So much shiny, so little time. -- der.hans<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
</font></span></blockquote></div><br></div>