Quote:
Originally Posted by rowan
If I recall correctly the account was also set up to use SMS for two factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...
Don't use SMS for 2FA!
|
I use google authenticator on one site and on another I have email and then sms. Doesn't make it stronger with the added 1st step email confirmation if someone ports my phone number. Might look into another solution.
Is google authenticator the best solution to protect a user account ?