Do not use SMS or voice for MFA. These are weak MFA factors. Push notification auth to app only, requiring biometrics to approve. Secure hardware tokens are a gold standard, but rare.
If your bank or financial services provider leverages SMS/voice for MFA, they’re setting you up to fail. Switch providers, they’re dumping the liability on their customers.
4 comments
[ 1.7 ms ] story [ 18.9 ms ] threadWhat are your thoughts regarding how to protect ones self from this type of attack?
This is a bleeding edge problem. It goes after 2-factor auth, and it's likely to become more common.
If your bank or financial services provider leverages SMS/voice for MFA, they’re setting you up to fail. Switch providers, they’re dumping the liability on their customers.
https://2fa.directory/us/
(I own customer identity requirements at a fintech, thoughts and opinions my own)
Never ever use SMS 2FA Auth or if you provide a login system, do not offer it as an option.
just kidding. it's only apple and Microsoft. meanwhile EU commission just removed OTP option from their SSO and forced you to move to SMS