NFO 2FA Suggestion.

This is used for general discussion that is not necessarily server-related.
Post Reply

Agree?

Yes
1
100%
No
0
No votes
 
Total votes: 1

edan
New to forums
New to forums
Posts: 4
Joined: Mon Mar 20, 2017 11:41 am

NFO 2FA Suggestion.

Post by edan » Sat Aug 24, 2019 1:50 am

When (and if) you guys implement 2FA, please utilize mobile app based authentication (Google Auth, Authy) instead of SMS authentication. SMS authentication is dangerous and should not be utilized. Heavy impersonation can be used against a persons phone carrier and people can easily gain access to someones number (Sim Swapping).

I can't stress this enough how dumb Text Based Authentication truly is. Twitter enforces Phone Number 2FA on accounts for "safety", and DOZENS of celebrities get their accounts hijacked every month due to social engineering with their cell service provider, as people pretend they are them. Although these Cell Service providers support "Account Pins" these can still be cracked or stolen from employees that are willing to illegally leak user pins to attackers. (Common)

I know John and the NFO team want what's best for the company, and this is THE BEST recommendation for user security, in my opinion.

Here is a GREAT read on "Sim Swapping" and how stupidly simple it is:

https://krebsonsecurity.com/tag/sim-swap/

Post Reply