this post was submitted on 18 Sep 2023
5 points (100.0% liked)

netsec

1240 readers
1 users here now

Technical news and discussion of information security.

Rules:

  1. Be excellent to each other
  2. Keep it on topic
  3. Absolutely no PII or doxing
  4. No disclosure posts

founded 2 years ago
MODERATORS
t8r
5
When MFA isn't actually MFA (retool.com)
submitted 1 year ago by repostbot33 to c/netsec
1 comments fedilink hide all child comments
top 1 comments
sorted by: hot top controversial new old
[–] sylver_dragon 2 points 1 year ago

I've made the argument before and continue to stand by it. SMS as an MFA factor will always be a weak second factor. It's not really "something you have". It's just a time limited second password. This is fine for low security applications. But, if you need higher security, go to smartcard, yubukey or something that must be physically present.