SMS spoofing and SIM swapping have been around for ages. It was never secure and that’s always been known. The number of companies that rely on it despite sending me a zillion other fucking useless emails is too damn high! Email, or better yet, an authenticator app, are far more secure. Not perfect, but better.
So, it’s not that the message itself is insecure, but the inability to verify the sender makes phishing attacks possible or similar things. I get a text from a random number saying “click this link to pay your bill!” And I don’t have any way to trust its legit.
SIM swaps make it so people can take over your phone number temporarily and then generate 2fa requests to gain access to accounts. Doing the swap usually involves bribing someone or gaining access to a providers database by other means, but its been done a lot.
There are ways to prevent this, but the most straight forward is using a MFA app. Barring that 2FA via email is the next best thing.
One big reason I’m hesitant to keep my money in banks is because banks think the best form of two-factor authentication is text message based 2FA and I’m like that’s barely any 2FA at all.
My banks are like that too. Of course I can’t speak to anyone who might influence that decision. Steam has better security than almost any other account I have. I appreciate them for that but it also seems ludicrous to me that my video games are more secure than my bank accounts.
I have some crypto, some stocks, etc. For many things I still need standard banking though. Crypto just isn’t there yet. Maybe someday… But having money distributed is still smart either way, so I have many baskets for my eggs.
SMS spoofing and SIM swapping have been around for ages. It was never secure and that’s always been known. The number of companies that rely on it despite sending me a zillion other fucking useless emails is too damn high! Email, or better yet, an authenticator app, are far more secure. Not perfect, but better.
Wait, how is email more secure than SMS?
https://en.m.wikipedia.org/wiki/SMS_spoofing
So, it’s not that the message itself is insecure, but the inability to verify the sender makes phishing attacks possible or similar things. I get a text from a random number saying “click this link to pay your bill!” And I don’t have any way to trust its legit.
SIM swaps make it so people can take over your phone number temporarily and then generate 2fa requests to gain access to accounts. Doing the swap usually involves bribing someone or gaining access to a providers database by other means, but its been done a lot.
There are ways to prevent this, but the most straight forward is using a MFA app. Barring that 2FA via email is the next best thing.
One big reason I’m hesitant to keep my money in banks is because banks think the best form of two-factor authentication is text message based 2FA and I’m like that’s barely any 2FA at all.
My banks are like that too. Of course I can’t speak to anyone who might influence that decision. Steam has better security than almost any other account I have. I appreciate them for that but it also seems ludicrous to me that my video games are more secure than my bank accounts.
I keep my money in Monero. That way, it’s me who has to be targeted instead of an institution. And if I fuck up and lose it, it’s my own damn fault.
I have some crypto, some stocks, etc. For many things I still need standard banking though. Crypto just isn’t there yet. Maybe someday… But having money distributed is still smart either way, so I have many baskets for my eggs.
I keep a little bit in the bank, like enough to pay my bills and such, but any extra I put into Monero.