• cooopsspace@infosec.pub
    8 months ago

    SMS: Here is your 30s “MFA” code, I’ll send it to you 40 minutes after you need it.

    SMS isn’t 2FA. It’s 1.5FA.

    • KairuByte@lemmy.dbzer0.com
      8 months ago

      SMS isn’t even secure. MITM, social engineering, straight-up theft, and more are all ways around it. It should never have been implemented, but especially not when TOTP exists.

  • Hotzilla@sopuli.xyz
    8 months ago

    Sorry, as an IT person I have to disagree, app-based MFA is just much easier to maintain than HW keys.

    Edit: forgot to mention that in Finland, companies have to provide a phone if your work requires one. In IT I don’t want anything to do with users’ personal devices, and it sounds insane to me that in the US companies force apps onto your personal devices.

    • MSids@lemmy.world
      8 months ago

      App-based TOTP is not phishing resistant and does not require any level of proximity to the login session. The future is more likely passkeys that use device TPMs.
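
Added example, not part of the thread: a minimal RFC 6238 TOTP verifier next to a simplified origin-bound assertion, to show what each check can and cannot see. The `sign_assertion`/`verify_assertion` pair is a hypothetical stand-in for a passkey (HMAC replaces the real asymmetric signature), and the origins, challenge and device key are constructed values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP over the number of elapsed time steps."""
    counter = struct.pack(">Q", max(unix_time, 0) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, unix_time: int,
                window: int = 1, step: int = 30) -> bool:
    """Server-side check. Its inputs are the secret, the code and the clock:
    nothing records which site or device the code was typed into."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * step, step), code)
        for d in range(-window, window + 1)
    )

def sign_assertion(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Hypothetical, simplified passkey-style assertion: the origin the
    browser is actually on is part of what gets signed."""
    msg = challenge + b"|" + origin.encode()
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def verify_assertion(device_key: bytes, challenge: bytes,
                     assertion: bytes, expected_origin: str) -> bool:
    """The relying party recomputes over its own origin, so an assertion
    produced on any other origin does not match."""
    expected = sign_assertion(device_key, challenge, expected_origin)
    return hmac.compare_digest(expected, assertion)

def compare_factors() -> dict:
    secret = b"12345678901234567890"      # RFC 6238 test secret
    code = totp(secret, 59)               # code shown in the app at t=59
    key, challenge = b"constructed-device-key", b"constructed-challenge"
    real, other = "https://login.example", "https://other.test"
    return {
        "totp_same_step": verify_totp(secret, code, 59),
        "totp_next_step": verify_totp(secret, code, 89),    # still in window
        "totp_expired": verify_totp(secret, code, 149),     # outside window
        "bound_real_origin": verify_assertion(
            key, challenge, sign_assertion(key, challenge, real), real),
        "bound_other_origin": verify_assertion(
            key, challenge, sign_assertion(key, challenge, other), real),
    }
```

The TOTP check accepts the code from whoever submits it while the window is open; the origin-bound check fails as soon as the signing origin differs from the one the server expects.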