HOW did the CEO of Twitter's account get hacked? Don't y'all have people for that? An oh shit button? 2FA? Something?
36
55
5
551
SIM hijacking is a thing, and why SMS should never be used for two factor authentication
1
4
What factor would you prefer though?
3
Something that can't be taken away from me without my knowledge. So, yubikey, TOTP, or even push notification, etc.

Aug 30, 2019 路 11:47 PM UTC

1
2
SMS 2FA is always better than no 2FA though.
1
1
If SMS is purely for 2FA then yes. but quite often adding SMS 2FA also lets you use SMS for account recovery, and that is worse than having no 2FA.
1
1