Are 2FA safe? (8.Viewing)

  • Topic Starter Topic Starter Nafti
  • Start date Start date
  • Replies Replies: Replies 9
  • Views Views: Views 1,405
Nafti

Nafti

Member
Joined
Nov 11, 2020
Topics
91
Posts
1,219
Likes
837
Country flag
Interesting article below regarding 2FA.

https://www.cp24.com/mobile/news/ha...wMCyYHOtyt4IqpXPG_pQX3drtxok-d3-x7O2ZmOT5at0o

“ According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests.”

Could this happen if someone uses 2FA for their registrar account as well? Or anything else that you would use 2FA for.
 
Yeah, this year I've been getting more into security with my ventures into crypto. Even updating my regular passwords.

You have the normal 2FA, then a step up is:

Authenticator apps. I use Authy, try to not use anything from Google as much as possible. Then another step up is

something like a Yubikey. I think the auth apps are fine.
 
Nafti said:
Could this happen if someone uses 2FA for their registrar account as well? Or anything else that you would use 2FA for.
Click to expand...

Yes, anything that uses SMS authentication is subject to a SIM-card swap, porting or forwarding attack.
 
If using 2FA through an app, you should

1) Not store your backup codes along with your passwords.
2) Be careful when considering a 2FA backup to the cloud, like with Lastpass Authenticator

I'm planning on looking for a solution where I can store/encrypt the 2FA backup elsewhere than the authenticator app. But an encrypted backup someplace is not a bad idea.

It's a pain to reset 20+ 2FA codes for a lot of different sides when/if your phone breaks. Don't ask me how I know :D
 
Login or Register to reply

Sponsors who contribute to keep dn.ca free for everyone.

Sponsor
CanSpace
CIRA
FullHost
WHC
Donors

Sponsors who contribute to keep dn.ca free.

Members who recently read this topic: 2

Back
Top Bottom