You mean for accessing your bank account from a phone? Or just accessing your account in general?
In general, because you need an app as second factor.
How about a code being sent through SMS? Or using an OATH token, or something not forcing an app? Where I live, what’s worse about those token apps is that some do not work if not under Google Play. Some do, but most don’t. I had to show them their app didn’t work on a LOS4uG phone (no GApps at all), and they sold me the OATH token; they were not even going to sell it to me, because banks are enforcing the app, which to me is a horrible practice. But banks are private entities, so I don’t know if legal actions can be filed against those practices. I’m no lawyer, and I have neither the time nor the money to start such demands, but I’m thinking it should be possible.
In my country the government is also trying to enforce QR codes through an app. Right now the enforcement has been put on pause, given an action filed against it, but I suspect it’ll still be enforced in the end… It’s sad to see where things are moving…
SMS as 2FA is not allowed anymore in the EU starting some time in 2022, IIRC. Not 100% sure though.
SMS-based 2FA terrifies me.
https://arstechnica.com/information-technology/2021/10/company-that-routes-sms-for-all-major-us-carriers-was-hacked-for-five-years/
But these are randomly generated, short-lived numbers. They don’t make any sense to anyone who doesn’t have the other authentication factors in the multi-factor authentication. That’s why they are multi-factor (2nd in most cases). And those banks’ token apps, I guess, provide client-server encryption, which bumps up the security of the token sent a bit, but in my mind not enough to say that, just because you receive SMS tokens, it’s quite easy to get into your bank account without having all authentication factors at hand, and all the time. Remember, those tokens are short-lived.
They aren’t going to bother trying to get the 2FA code until they already have your password, and by then, it’s already too late.
Like this kid, who did a SIM swap attack and hijacked 2FA codes.
https://www.engadget.com/canada-cryptocurrency-arrest-171617452.html