Isn't 2fa by sms bad though? You hear a new case almost every week of someone wh... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

bmon on Feb 1, 2017 | parent | context | favorite | on: Dropbox New Plans: Pay If You Want 2FA

Isn't 2fa by sms bad though? You hear a new case almost every week of someone whose telco was socially engineered to gain access to their phone number linked 2fa/account recovery.

omgitstom on Feb 1, 2017 [–]

Bad is relative, it is bad compared to other more secure methods. But if you can't guarantee that your users have a smartphone, SMS is still a needed option.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact