
> The problem is SMS account recovery, which is a really bad idea.

The problem is that a lot of services tie the two together. Often one implies the other. Even if it doesn't, though, it's also easier to social engineer -- "look! I have access to the 2FA phone number! I just can't access my password manager!"



Companies do that, but they shouldn't call it 2FA at that point as it is no longer a _second_ factor: it has become the primary factor.


I'm not sure I've ever seen SMS account recovery.


Google has SMS account recovery.



