
mszary | 2 years ago

Authentication is one thing. When it comes to banking - the authorization is the key (no pun intended ;) Believe it or not, SMS is still one of the best ways to authorize sensitive transactions, even when compared to other popular options like TOTP or FIDO. The cool thing about SMS is that it gives you more context about what you're authorizing, so you're not blindly accepting requests from the bank without understanding what they're for. It's not perfect, but it's still pretty handy.


turnsout|2 years ago

I hear you, but the not so cool thing about SMS is how trivially easy it is to clone a SIM. My level of trust for information passing through the SMS channel is near-zero.

mszary|2 years ago

You're absolutely right - SIM swapping is a major threat in many parts of the world. If you're a target and the attacker is determined, you could be in serious trouble. However, it's more cost-effective for bad guys to launch phishing campaigns using malicious proxies like Evilginx or Modlishka to target the masses.