People handed over these phone numbers/emails for a very specific and delineated reason: to better protect their account. First of all, it undermines trust - which is the last thing you want to do when dealing with a security mechanism. However, many services and users have stuck with text messaging for 2FA because it’s the least complex for users - and the issue with any security practice is that if it’s not user-friendly, no one will use it, and that doesn’t do any good either.īut using phone numbers given for 2FA purposes for notifications or marketing is really bad. These days, good 2FA usually involves using an authenticator app, like Google Authenticator or Twilio’s Authy or even better a physical key such as the Yubikey or Google’s Titan Key.
#AUTHY DESKTOP TWILIO INC. CODE#
Many hacks involved people “SIM swapping” (using social engineering to have your phone number ported over to them), and then getting the 2FA code sent to the hacker. Over time, people realized that this method was less secure. That is, when you tried to login on a new machine (or after a certain interval of time), the service would have to text you a code that you would need to enter to prove that you were you. In the early days of 2FA, one common way to implement it was to use text messaging as the second factor. It’s not perfect (Twitter’s recent big hack routed around 2FA protections), but it is many times better than just relying on a username and password. I know many people are too lazy to set it up, but please do so. In case you’re somehow unaware, two-factor authentication is how you should protect your most important accounts. There are many things that big internet companies do that the media have made out to be scandals that aren’t - but one misuse of data that I think received too little attention was how both Facebook and later Twitter were caught using the phone numbers people gave it for two factor authentication, and later used them for notification/marketing purposes.
0 kommentar(er)
