Cybersecurity

23 readers

7 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

[email protected]

So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn't mention SIM-swap attacks, which are unavoidable. It can't be (hear-me.social)

submitted 2 days ago by [email protected] to c/[email protected]

19 comments fedilink hide all child comments

https://gizmodo.com/feds-warn-sms-authentication-is-unsafe-after-worst-hack-in-our-nations-history-2000541129

#Cybersecurity

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 day ago

@[email protected] Honestly, it's a "reach" reason. most people have a phone capable of receiving texts or a voice message (An actual call). Not everyone has a smartphone (or the technical chops to get a legitimate OTP app and setup TOTP). Is that an excuse to NOT offer TOTP or other better MFA options? No it isn't, but then they probably decided to not pay the extra 10c per user for the additional auth option. Cost/benefit analysis, with security not even being a part. If you want your banks to support more robust auth, hound the financial regulators to start making it a requirement.