Please stop telling people who don’t know better not to use SMS 2FA. Some other factor is better than no other factor, and not everyone has an adversary that will do SIM cloning or an SS7 attack.
@wxcafe Agreed! Also I do know better and I still use SMS 2FA for a lot of things because fuck if I'm going to get locked out of my account because my OTP app isn't accessible to me at the moment.
@ralaud @wxcafe I’ve been using Authenticator by Matt Rubin, https://itunes.apple.com/us/app/authenticator/id766157276?mt=8 since it has some nice creature comforts. But a full backup isn’t one of them. :(
@ralaud @wxcafe The app I use is adamant about not letting you do backups of your own or having any way of transferring the secret anywhere else, although it does at least allow backups to happen in an iTunes encrypted backup (which is what I use).
This one claims to allow users to transfer the secrets and such; maybe I'll try it out: https://itunes.apple.com/us/app/otp-auth-two-factor-authentication/id659877384?mt=8&ign-mpt=uo%3D4
So SMS 2FA is more of a false sense of security than anything else.
Another problem is that many services, including banks, still offer no 2FA other than SMS 2FA, unless you're a business customer.
You are a fool if you have any substantial money that can be stolen via SMS password reset of your email or bank account.
Google Authenticator or Authy are much safer and not hard to use. Saved my ass when my number was hijacked.
@wxcafe Threat Model.
@wxcafe Though social engineering a SIM card swap is probably less than $100 of labor. So yes, it's better, but if your account has a cash value you need better.
@wxcafe Also, I know for me, my cell service goes off, and I forget my passwords, so like, how am I supposed to retrieve my passwords then? The emphasis should be on not to hack, not finding ways to blame people for "not being secure enough".