I’ve been reviewing some of my security choices after the latest LastPass breaches. I see some password managers discouraging SMS-based 2FA in favor of Authenticator-based 2FA. I’m curious to understand how SMS 2FA gets compromised: what do attackers need to do? How easy is it to compromise?
Social attack vector. “Yes hello service desk? I am John Smith and my phone died. I could not be without so I bought a new one, but can’t log in with it.”
Given the pressure on most service desks, verification of these things tends to be minimal.
Technical attack vector would be the cloning of a SIM.