Posts: 16,260
Threads: 10,307
Thanks Received: 9,363 in 7,509 posts
Thanks Given: 10,343
Joined: 12 September 18
17 October 18, 10:26
![[Image: 2fa-practical-guide-featured.jpg]](https://media.kasperskydaily.com/wp-content/uploads/sites/92/2018/10/16090209/2fa-practical-guide-featured.jpg)
Quote:In the past couple of years, the concept of two-factor authentication (2FA), long the preserve of geeks, has found its way into the mainstream. However, the talk is still largely confined to using 2FA for one-time passwords over SMS. Sad to say, this is not the most reliable option. Here’s why:
- It’s easy to sneak a peek at passwords sent by SMS if lock-screen notifications are enabled.
- Even if notifications are turned off, a SIM card can be removed and installed in another smartphone, giving access to SMS messages with passwords.
- Password-bearing SMS messages can be intercepted by a Trojan lurking inside the smartphone.
- Using various underhanded tactics (persuasion, bribery, etc.), criminals can get hold of a new SIM card with the victim’s number from a mobile phone store. SMS messages will then go to this card, and the victim’s phone will be disconnected from the network.
- SMS messages with passwords can be intercepted through a basic flaw in the SS7 protocol used to transmit the messages.
Full reading:
https://www.kaspersky.com/blog/2fa-pract...ide/24219/
![[-]](https://www.geeks.fyi/images/collapse.png)
