15
c/diy-cyber-defense - corap21 (Prolific Poster) - 9d ago

That 2FA stat from Google made me rethink everything

I read on Google's security blog last week that SMS-based 2FA actually stops 100% of automated bots but only 76% of targeted attacks. So basically the thing everyone recommends is still letting a quarter of real hackers through. Why do we keep telling people SMS is good enough if it's failing that much against actual threats?
3 comments

kaigibson 9d ago
Feel you on this. I've been telling friends and family to turn on SMS 2FA for years and now I'm wondering if I gave them half-baked advice. It's kind of unsettling that Google's own numbers show how easy it is to bypass the thing we all thought was solid. Makes me think we need to push apps like Authy or hardware keys way more often.
7
dylan_brown30
Actually just a small thing, Authy isn't really better than SMS in some ways. It doesn't let you export your codes easily, so if you lose your phone or switch devices you're kinda locked out. Google Authenticator or Microsoft Authenticator are more portable since they let you move your accounts around. Still better to push people toward hardware keys though, those are the real deal.
4
calebc40 9d ago
Oh man, I feel this SO much. I had the EXACT same wake-up call when I realized I couldn't get my codes off Authy after dropping my phone in a puddle, and it was a nightmare getting back into my accounts. Switching to Google Authenticator felt like such a relief because I could actually move stuff between phones without losing everything. You're totally right about hardware keys being the gold standard too, I just wish more services actually supported them without extra hassle.
3