1 upvotes, 1 direct replies (showing 1)
View submission: How to keep your Reddit account safe
SMS is insecure anyway. You don't even need to contact a carrier, you can spoof the number and receive texts temporarily, long enough to either spy or to get a 2fa code.
Comment by Searchlights at 06/05/2019 at 17:38 UTC
1 upvotes, 0 direct replies
you can spoof the number and receive texts temporarily
Yeah that's super insecure. For something like my Reddit account I think even SMS two factor is probably adequate because it's unlikely anybody would attack my account specifically, or that they'd know my phone number. On a platform like this I would expect your vulnerability is brute force based on trying combinations of accounts and common passwords.
Where I worry about an attack like that is on a financial account login where an attacker may be targeting you specifically and already have some of your information. Lots of people know your phone number.