Laurie Voss on Nostr: Am I misunderstanding, or if you have authenticator-app 2FA enabled but an SMS-based ...
Am I misunderstanding, or if you have authenticator-app 2FA enabled but an SMS-based 2FA as a backup on your service, you may as well not bother with the app? An attacker who breaches your phone or clones your number can just pretend they don't have the app and get in anyway?
Published at
2023-12-02 17:19:45Event JSON
{
"id": "20099e5eea877b018e962a9e4931153cc61d087b557495ae8954c60f294cee3b",
"pubkey": "f5c06085f064b9bc90509d589aac438d2d321a5b36a8a6a3e75a714a891bb4a2",
"created_at": 1701537585,
"kind": 1,
"tags": [
[
"proxy",
"https://alpaca.gold/users/seldo/statuses/111511967200897028",
"activitypub"
]
],
"content": "Am I misunderstanding, or if you have authenticator-app 2FA enabled but an SMS-based 2FA as a backup on your service, you may as well not bother with the app? An attacker who breaches your phone or clones your number can just pretend they don't have the app and get in anyway?",
"sig": "ad38980fe1dab4804a375fddc9c74e652e0a8473b58d2ac2e0f79ac050c166c528376e3c20e893d8188d04974b2d25af4895ecc711333d6674aad5cee0c7cec2"
}
