[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: [Krebs on Security] The Limits of SMS for 2-Factor Authentication

I like the Google Authenticator idea, and even the "push" technology
mentioned, but I just wish it weren't *Google* -- which, from Edward
Snowden's leaked documents show, is just another corporate entity willing
to bend over backwards at the government's behest.  Someone needs to come
up with a non-centralized, distributed authentication system that doesn't
have a single point of failure.

P.S. BTW, it's funny that he mentioned the Social Security Administration
     moving towards 2-factor.  He must have written this before the SSA
     reversed themselves...

 > From: Flora  <http://www.gmail.com/~flora>
 > Date: Thu, 8 Sep 2016 05:01:06 -0400
 >
 > Don't be tricked. Think before you forward on your two factor
 > authentication code.
 > ---------- Forwarded message ----------
 > From: "Brian Krebs Bot" <http://www.krebsonsecurity.com/~bk>
 > Date: Sep 7, 2016 9:43 PM
 > Subject: [Krebs on Security] The Limits of SMS for 2-Factor Authentication
 > To: <http://www.krebsonsecurity.com/~bk>
 > Cc:
 > 
 > Krebs on Security has posted a new item.
 > >
 > > A recent ping from a reader reminded me that I've been meaning to blog
 > > about the
 > > security limitations of using cell phone text messages for two-factor
 > > authentication online. The reader's daughter had received a text message
 > > claiming to be from Google, warning that her Gmail account had been locked
 > > because someone in India had tried to access her account. The young woman
 > > was
 > > advised to expect a 6-digit verification code to be sent to her and to
 > > reply to
 > > the scammer's message with that code.
 > >
 > > http://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/


Why do you want this page removed?