Except you have no way of knowing if that will be the case ahead of time. Unless... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		profsnuggles on June 9, 2021 \| parent \| context \| favorite \| on: Tell HN: SMS-based two-factor authentication is no... Except you have no way of knowing if that will be the case ahead of time. Unless the first thing you do after enabling 2FA is to social engineer a password reset for your account? Even then that doesn't guarantee that there isn't a more clueless service rep that will make a mistake. Asking before you sign up, "will you allow my account to be hacked through social engineering?" isn't going to an answer other than no. Even if the answer is possibly yes.

FabHK on June 9, 2021 [–]

But then let's please move the discussion from "Is SMS a good or bad second factor?" to "SMS is a mediocre second factor, and a terrible single factor. For this service, is it a second or single factor?"

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact