moin moin,
I've been recommending for years that web sites should not be given your
phone number for 2 factor authentication. First of all, they don't need
your phone number :). Secondly, it's not secure.
Now the NIST agrees.
https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=sfgplus&sr_share=googleplus&%3Fncid=sfgplus
See also the following.
https://danielpocock.com/how-many-mobile-phone-accounts-will-be-hijacked-this-summer
If you're setting up a service to use 2FA, please do not include SMS as
one of the options.
ciao,
der.hans
--
# http://www.LuftHans.com/ http://www.PhxLinux.org/
# So much shiny, so little time. -- der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)