by king*jojo ( 9276931 ) writes:
I can confirm that none of this makes any sense whatsoever.
(and that I need an advil)
by swillden ( 191260 ) writes:
> I can confirm that none of this makes any sense whatsoever.
> (and that I need an advil)
Using SMS for 2FA is what makes no sense. It's time everyone should get rid of it.
Sorry, can't help with the Advil.
by unrtst ( 777550 ) writes:
> Using SMS for 2FA is what makes no sense. It's time everyone should get rid of it.
Though I agree SMS is a poor fit, shouldn't we be demanding more from our SMS providers? We give them a tiny message and a destination, and their job is to get it to the correct destination. If they can't reliably manage that, that's a problem! Maybe we should be yelling to get that fixed, and then we'd have something we could use.
To say it another way, I think using SMS for 2FA DOES make a lot of sense, so long as you ignore the security issues. Otherwise, it's doing nearly everything we want from a 2nd fa
by swillden ( 191260 ) writes:
The problem is that you're delegating device/account security to a third party who doesn't really have any interest or motivation to provide it. SMS was never intended to be a secure channel for authentications, it just got used because it was available, without consultation with the entities that provide it. Demanding that mobile carriers securely manage SMS destination puts a lot of burden on them to develop and deploy mechanisms for strongly authenticating individuals, and for securely identifying devices. They have little or no interest in doing either of those things, and don't necessarily even have any way to do the second, since it depends heavily on how the mobile device manufacturers and their vendors build the devices.
SMS is a bad fit for this purpose, and always was.
by unrtst ( 777550 ) writes:
SMS wasn't intended for this, and SSN wasn't intended for a lot of things. Who cares about the intent?
> Demanding that mobile carriers securely manage SMS destination puts a lot of burden on them to develop and deploy mechanisms for strongly authenticating individuals, and for securely identifying devices.
Firstly, so what? Let's do it. Second, neither of those are really needed. What is needed is for number portability to have some form of confirmation/security to it, shut down sim swapping options, and secure the SS7 network - all things we should want anyway. You don't need to strongly authenticate people - burner phones are perfectly fine for this purpose. You don't need to securely identify the device -