assurance - Re: [Assurance] attacks on SMS-based 2FA
Subject: Assurance
List archive
- From: Von Welch <>
- To:
- Subject: Re: [Assurance] attacks on SMS-based 2FA
- Date: Thu, 24 Jul 2014 09:11:08 -0400
> telephony < soft tokens < hard tokens
Why are "soft tokens" - which I interpret as mobile app based approaches -
stronger than SMS?
Is the inter-application separation stronger such that it is harder for a
trojan to scrape SMS messages than data from another App? How much harder and
how long before we expect that to fail?
Thanks,
Von
On Jul 24, 2014, at 8:23 AM, Tom Scavo
<>
wrote:
> You may have heard this news about attacks on SMS-based 2FA at banks
> around the world:
>
> https://twitter.com/trscavo/status/492079055647559681
>
> It's becoming clear that 2FA methods based on telephony, while better
> than no 2FA at all, are less effective than other methods. The
> relative strength of authentication probably goes something like this:
>
> telephony < soft tokens < hard tokens
>
> but that would require further justification.
>
> Tom
- [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Von Welch, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Farmer, Jacob, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Cantor, Scott, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Mark Beadles, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
Archive powered by MHonArc 2.6.16.