assurance - RE: [Assurance] attacks on SMS-based 2FA
Subject: Assurance
List archive
- From: "Caskey, Paul" <>
- To: "" <>
- Subject: RE: [Assurance] attacks on SMS-based 2FA
- Date: Thu, 24 Jul 2014 12:32:01 +0000
- Accept-language: en-US
- Authentication-results: ironport160b.utsystem.edu; dkim=neutral (message not signed) header.i=none
I would not throw all telephony-based MFA under the bus along with SMS...
A crypto-based solution would not suffer from these problems.
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Tom
> Scavo
> Sent: Thursday, July 24, 2014 7:24 AM
> To:
>
> Subject: [Assurance] attacks on SMS-based 2FA
>
> You may have heard this news about attacks on SMS-based 2FA at banks
> around the world:
>
> https://twitter.com/trscavo/status/492079055647559681
>
> It's becoming clear that 2FA methods based on telephony, while better than
> no 2FA at all, are less effective than other methods. The relative strength
> of
> authentication probably goes something like this:
>
> telephony < soft tokens < hard tokens
>
> but that would require further justification.
>
> Tom
- [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Von Welch, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Farmer, Jacob, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Cantor, Scott, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Mark Beadles, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
Archive powered by MHonArc 2.6.16.