N-gated Hacker NewsMay 14, 2025
🎉🤦‍♂️ "SMS 2FA is the latest villain in the saga of technology vs. grandma's fish pond." 🌄📞 Because, clearly, the ultimate measure of tech evil is how it inconveniences the septuagenarian meme queens of Appalachia. 🐟💻
https://blog.stillgreenmoss.net/sms-2fa-is-not-just-insecure-its-also-hostile-to-mountain-people #SMS2FA #TechVsGrandma #MemeQueens #AppalachianHumor #FishPondSaga #HackerNews #ngated
SMS 2FA is not just insecure, it's also hostile to mountain people

i have a friend -- she's an old lady born and raised here in the western north carolina mountains. she hates computers, yes, but she's be...

stillgreenmoss
Show threadLisPiAug 22, 2023

@Jamesivan96 @tychosoft @fixatedpersonsunit We already have functioning systems though.

I would be overjoyed if this finally pushed banks away from the idiocy of #SMS2FA which they persist in using despite #NIST actively recommending against it. That better alternative? It's called #TOTP.

Show threadLisPiFeb 28, 2023

@hotkey As good a moment as any to note that banks are directly ignoring #NIST recommendations in using #SMS2FA

https://pages.nist.gov/800-63-3/sp800-63b.html#-5133-authentication-using-the-public-switched-telephone-network

NIST Special Publication 800-63B

NIST Special Publication 800-63B

Ralf BachmannFeb 19, 2023

2-Factor Authentication App "Authy". Same App (Cloud) for many devices and OS.

https://authy.com/

SMS 2FA #SMS2FA #2FA #2factorbypass #2factorauthetification #Authy

Authy | Two-factor Authentication (2FA) App & Guides

Two-factor authentication (2FA) adds an additional layer of protection beyond passwords. Download our free app today and follow our easy to use guides to protect your accounts and personal information.

Authy
LisPiFeb 19, 2023

@ScriptFanix @BernetaWrites Yeah, that's been a suspicion with the #SMS2FA cancellation with no plans to explain how to switch to other safer authenticators & no care for the issues of just leaving accounts with only single-factor authentication.

Automated bots sitting on cracked lists of leaked passwords & reaping those accounts the second SMS2FA goes out.

Show threadLisPiFeb 18, 2023

@dalias @erincandescent @mjg59 There are additional problems with #SMS2FA even when done properly.

#NIST has commented on it.

https://pages.nist.gov/800-63-3/sp800-63b.html#-5133-authentication-using-the-public-switched-telephone-network

https://mastodon.top/@lispi314/109887107613102438

NIST Special Publication 800-63B

NIST Special Publication 800-63B

LisPiFeb 18, 2023

Daily reminder that #SMS2FA is such a bad idea that even #NIST agrees it shouldn't be used and is deprecated: https://pages.nist.gov/800-63-3/sp800-63b.html#-5133-authentication-using-the-public-switched-telephone-network

https://www.theregister.com/2016/12/06/2fa_missed_warning/

#SMS #2FA #MFA #MultiFactor #MultiFactorAuthentication #Security #Authentication

NIST Special Publication 800-63B

NIST Special Publication 800-63B

Show thread@infosec_jcp 🐈🃏 done differentlyFeb 18, 2023

@mastodonmigration

🗑️#SMS2FA 🚮 #FreeTwitter 🚮🗑️

Show threadLisPiFeb 16, 2023
@Torchwood Huh that's weird, it's working on my end. Well, in any case it's just a short statement by myself about #TOTP > #SMS2FA and a link to #NIST as a reference: https://pages.nist.gov/800-63-3/sp800-63b.html#-5133-authentication-using-the-public-switched-telephone-network
NIST Special Publication 800-63B

NIST Special Publication 800-63B

Show threadLisPiFeb 16, 2023

@remi @cstross Refusal to learn from the past is responsible for a lot of the current issues.

Some of it wasn't even just refusal, but trivialization of the problems too as inconsequential.

I think part of it has to be addressed in education going forward.

Also the mentioned continued use of #SMS2FA deeply annoys me. It should be criminal for any business to do so at this point.

https://mastodon.top/@lispi314/109812891458783440

LisPi (@[email protected])

@[email protected] I do need to highlight that #SMS2FA is insecure and basically worthless. https://pages.nist.gov/800-63-3/sp800-63b.html#-5133-authentication-using-the-public-switched-telephone-network #TOTP is a much better scheme. So it's not just a lack of more robust authentication, it's also just pure neglect in avoiding what's currently considered bad practice by many service providers. #SMS #2FA

Mastodon.top