Ripper
With that Twatter story, just to add to that a bit about 2FA (2 factor authentication), because that's how they got these phone numbers; by making a texted authentication necessary for "security". There's a bit of debate around 2FA, with some saying it's a scam, and others saying that's stupid FUD, because it's great for security.
The thing is, in principle it is great for security… but it can be implemented in a disingenuous way that is also about getting valuable identifying information, like your phone number.
Texting a verification to a phone number is actually a terrible way of doing 2FA. There are completely open source solutions (like Aegis) that work using a system called TOTP. The idea of that app is that the two systems - you and the system you're logging into - don't need to communicate or know anything about each other, as long as you have exchanged encryption keys. Then, both parties can agree on codes based on their key and the current time, without communicating at all.
That's where 2FA is a great idea pretty much everywhere, and these buggers know that very well.
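The TOTP scheme mentioned in the post, as an added example that is not part of the original post: both sides derive the same code from a shared key and the current time, and the server accepts a small clock drift while refusing reuse of a code. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the key is the RFC's published test key, and the `verify` function with its `skew_steps` and `last_used_step` parameters is this example's own design.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
SECRET = b"12345678901234567890"  # RFC 6238 test key, never a real secret


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code for the time step containing unix_time (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           skew_steps: int = 1, last_used_step: int = -1):
    """Server side: return the matching step number, or None.

    Accepts codes from +/- skew_steps around the server clock and
    rejects any step at or before last_used_step (replay protection).
    """
    current = unix_time // STEP
    matched = None
    for step in range(max(0, current - skew_steps), current + skew_steps + 1):
        if step <= last_used_step:
            continue
        # Constant-time comparison; keep looping so timing stays uniform.
        if hmac.compare_digest(totp(secret, step * STEP), submitted):
            matched = step
    return matched


if __name__ == "__main__":
    now = 1111111109                      # constructed timestamp (RFC vector)
    code = totp(SECRET, now)              # phone app, no network needed
    step = verify(SECRET, code, now + 20)  # server clock 20 s ahead
    print("code", code, "accepted for step", step)
    print("replay:", verify(SECRET, code, now + 20, last_used_step=step))
```

The server stores the returned step per account and passes it back as `last_used_step` on the next login attempt.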