The only good solution at this point is to legislate cell carriers to make SMS m... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jimmaswell on Jan 11, 2020 \| parent \| context \| favorite \| on: SMS is not 2FA-secure The only good solution at this point is to legislate cell carriers to make SMS more secure. Everyone perceives it as secure, everything uses it for auth, and it aught to be secure for its own sake.

9nGQluzmnq3M on Jan 11, 2020 [–]

The problem here is not SMS itself, but that it's trivial to socially engineer most operators into transferring somebody else's number to you.

(FWIW, SMS is also insecure in that it's fairly easy to passively snoop on SMS comms, but that's a separate problem.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact