assurance - RE: [Assurance] attacks on SMS-based 2FA
Subject: Assurance
List archive
- From: "Farmer, Jacob" <>
- To: "" <>
- Subject: RE: [Assurance] attacks on SMS-based 2FA
- Date: Thu, 24 Jul 2014 13:57:48 +0000
- Accept-language: en-US
Tom,
This is certainly in interesting attack and I agree with the premise that
SMS-based MFA is less secure than other forms of tokens.
However, this attack still requires that the endpoint be compromised, and as
long as that happens, I don't think that all the MFA in the world will help.
Jacob
-----Original Message-----
From:
[mailto:]
On Behalf Of Tom Scavo
Sent: Thursday, July 24, 2014 8:24 AM
To:
Subject: [Assurance] attacks on SMS-based 2FA
You may have heard this news about attacks on SMS-based 2FA at banks around
the world:
https://twitter.com/trscavo/status/492079055647559681
It's becoming clear that 2FA methods based on telephony, while better than no
2FA at all, are less effective than other methods. The relative strength of
authentication probably goes something like this:
telephony < soft tokens < hard tokens
but that would require further justification.
Tom
- [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Von Welch, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Farmer, Jacob, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Cantor, Scott, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Mark Beadles, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
Archive powered by MHonArc 2.6.16.