It's 2024, and this is the majority of 2FA in a nutshell:

Institution: I'm sending you a code I need you to put into this form.
Institution: Also don't give it to anyone.
Institution: Oh except me.
Institution: Oh except for these other codes which we'll send from the same shortcode but will never ask you for.
Institution: Don't get confused or hacked lol

#infosec #security

@josh Just the fact that no company makes any priority of registering their damn phone numbers is plenty to know they're not taking any of this seriously.

Giant companies with 10k consumer-facing calls a day all from "Unknown Number" are still surprised that trust and customer responsiveness are declining.

@gooba42 It’s also still trivially easy to spoof. I get that there’s recourse if caught, but I could with my knowledge convince you that I’m the bank from caller ID, or convince the bank that I’m you.

@josh All of the challenges are imposed on consumers because it's so much easier for a company to disavow responsibility than for a consumer to do so when bad actors are involved.

I now need to put a freeze on my credit because the companies that traded, hoarded and purchased my data created an enormous honeypot made of my data and none of them will be held responsible for the consequences.

@gooba42 Yep, same, and I'm walking my parents through a freeze too. It's fun because they're mid-70s and are in a stage of life where they don't know how to do anything and also don't want anyone else to do or know anything about their life/health/banking info, which makes the theoretical guessing game to get their freezes correctly in place insane.

Pretty sure I said last night in a text thread "well can you give me a fucking clue?" <-- this is the stage where I'm at in the guessing game of "don't let mom get hacked" lol