• @[email protected]
    link
    fedilink
    English
    166
    edit-2
    8 months ago

    SMS: Here is your 30s “MFA” code, I’ll send it to you 40 minutes after you need it.

    SMS isn’t 2FA. Its 1.5FA.

    • @[email protected]
      link
      fedilink
      English
      898 months ago

      SMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.

      • @[email protected]
        link
        fedilink
        English
        508 months ago

        What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?

        • @[email protected]
          link
          fedilink
          English
          108 months ago

          I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.

        • @[email protected]
          link
          fedilink
          English
          88 months ago

          Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.

    • @[email protected]
      link
      fedilink
      English
      16
      edit-2
      8 months ago

      Dude.

      My wife’s phone started acting up the other day. It would keep losing cell service and even when it showed a signal, it still would only work on wifi.

      That happened a few hours after I ported my phone number (on the same family plan) to another carrier. So naturally, I thought the issue was with the carrier.

      Since I planned on porting her number out to my new carrier anyway, I didn’t want to troubleshoot.

      Well, get to the new carrier and it’s still not working. Go through the whole process of resetting network settings, and then eventually deleting the esim.

      New carrier, though, needs you to receive a text message before they send the esim.

      Naturally, with the esim deleted, it couldn’t receive text messages.

      Her issue did end up being her phone. Even after the port went through in full, it was still hit-or-miss with cell service. Worked on wifi though.

    • @[email protected]
      link
      fedilink
      English
      148 months ago

      I’ve heard people in the US still use SMS to communicate with eachother. Fucking crazy.

      • @[email protected]
        link
        fedilink
        English
        22
        edit-2
        8 months ago

        Inertia and ease of use are powerful.

        SMS “just works” and works for everyone here.

        While I would like the new fancy features. At least RCS is bringing some and is seamlessly integrated.

        Bonus I have 10+ years of txt history and can scroll/search to find something. And since my phone is Google (I know evil) I can access it all from the desktop seamlessly in one window.

      • @[email protected]
        link
        fedilink
        English
        88 months ago

        uhhh that’s not some unique american thing lol, that’s how people here in sweden communicate too

        Barely anyone cares what specific protocol is being used, they just care about what app they have to use and who they can reach, and if anyone isn’t using a normal sms app they’re generally using facebook messenger or imessages both of which support sms fallback and thus their users don’t even know there’s a difference half the time.

        • @[email protected]
          link
          fedilink
          English
          -28 months ago

          Can you for example send a video, encrypted and to your computer via SMS? I don’t know how much tech they’ve built over the protocol over in the US, but in many parts of the world SMS was charged per message in your phone bill and things like photos or video cost more to send. People abandoned SMS quickly when 3rd party IP messaging apps like whatsapp came out.

          • @[email protected]
            link
            fedilink
            English
            18 months ago

            I wouldn’t count on your encrypted WhatsApp video actually being secure.

            Use signal for that.

            • @[email protected]
              link
              fedilink
              English
              38 months ago

              Yeah data got unlimited here before texts, which caused people to move on to other things. Now texts are usually unlimited, but that train has already sailed.

      • @[email protected]
        link
        fedilink
        English
        38 months ago

        Blame apple for that. IPhone has this proprietary messaging app pre-installed which is probably super convinient for the ecosystem but uses some obsolete SMS protocol to communicate with android phones. I think recently this has gotten better, but only because beeper and the EU pressing on them

    • @[email protected]
      link
      fedilink
      English
      -148 months ago

      SMS is good enough. Sure it’s not as authenticator or some other MFA method, but it’s good enough. Chances of my random account hiding something worth subverting cell operator to get the SMS and my password, are slim to none. At that point don’t upload anything worth that much.

      • @[email protected]
        link
        fedilink
        English
        08 months ago

        It’s overwhelmingly whatever provider they use for SMS, or some sort of anti spam checking.

        My phone has reception the whole time.