
How is requiring a SMS token in addition to a password less secure than just requiring the password?



Because SMS is used in password-recovery workflows, meaning it isn't a second factor at all - it's a single, easily-breakable factor.


Except your bank already has your phone number. If phone was already part of the recovery process, it didn’t make it any less safe by enabling 2FA SMS.


This only happens if SMS gets used in the password-recovery workflow. I don't think there is evidence that TD is using SMS to replace password reset.

So I really don't see how this makes security worse.



