Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> My grandmother almost told her SMS 2FA to some scammer on the phone claiming to be from her bank. If they asked her password she would have immediately understood the scam.

For a second factor to be useful, they would already have to have her password.



In a theorethical world where 2fa means 2fa, but in reality the sms code is often enough by itself.


Okay, then that's not a problem with 2FA, and certainly doesn't fit in an anti-2FA rant, because it isn't 2FA.


No, you just need to know the account number and you can click something to the tune of "forgot password".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: