this post was submitted on 16 Jun 2023
21 points (100.0% liked)

Australia

3605 readers
63 users here now

A place to discuss Australia and important Australian issues.

Before you post:

If you're posting anything related to:

If you're posting Australian News (not opinion or discussion pieces) post it to Australian News

Rules

This community is run under the rules of aussie.zone. In addition to those rules:

Banner Photo

Congratulations to @Tau@aussie.zone who had the most upvoted submission to our banner photo competition

Recommended and Related Communities

Be sure to check out and subscribe to our related communities on aussie.zone:

Plus other communities for sport and major cities.

https://aussie.zone/communities

Moderation

Since Kbin doesn't show Lemmy Moderators, I'll list them here. Also note that Kbin does not distinguish moderator comments.

Additionally, we have our instance admins: @lodion@aussie.zone and @Nath@aussie.zone

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] surreptitiouswalk@aussie.zone 6 points 1 year ago (2 children)

It's funny in a sad way that 2FA was supposed to be real secure but like all other security, the human element is the biggest weak point, and the custodians of it (telcos) are asleep behind the wheel.

[–] shirro@aussie.zone 4 points 1 year ago

2FA works. It is supposed to be something you know (password) and something you control (like a secure hardware key or app). The problem is people don't control their phone numbers, the telcos do.

[–] Zagorath@aussie.zone 3 points 1 year ago (1 children)

It's worth noting that 2FA is still a security improvement. Using SMS for 2FA doesn't introduce any vulnerabilities compared to no 2FA. It's just not nearly as good as doing 2FA using a TOTP app or dongle. Or using hardware security tokens like FIDO2.

[–] macrocephalic@lemmy.fmhy.ml 4 points 1 year ago (1 children)

Unless the "2FA" channel is what they use to verify password resets.

[–] Zagorath@aussie.zone 3 points 1 year ago

Sure, but that's separate from 2FA and is pretty common even in places that don't offer any 2FA.