2fa over SMS should be illegal
@staticsafe @Elizafox sadly also Bank of America uses it as well (unless you get the physical token device which is flimsy crap)
@frank @staticsafe Ah yes it is fantastic 💯 when they want you to trust your entire financial well-being to the security of SS7, which was never designed for security since The Phone Company™ (AT&T) was the only one who was using it.
@Elizafox @staticsafe At least Google Voice works with Bank of America for 2FA, which, being a VoIP service, shouldn't be affected by UDID cloning
@Elizafox 2FA over SMS is currently against NIST standards.
It is technically illegal for any US-run government service to use SMS for authentication purposes.
Unfortunately, that's not enforceable.
@ghedipunk we need to teach against this in schools
@Elizafox Absolutely... and this is why I jumped on favoriting, boosting, and commenting on your post so quickly... Really is a soapbox of mine that I can't resist standing on.
@ghedipunk @Elizafox 2FA only offered over SMS should be a crime, so many services I can't 2FA on because they don't allow you to use some other [T]*OTP client
@Elizafox my favorite is when you have hardware and they try and push SMS 2fa on you
way to go
@Elizafox counterpoint: it's still better than app-based authentication
(but yes, ALWAYS offer email or such also)
@Elizafox but if you criminalize 2FA over SMS then only criminals will have 2FA over SMS!
@Elizafox tell that to PayPal -_-