In response to
"Just seems like overkill. If someone has my phone and uses my face to access the account, the code also goes to the phone that they are holding. -- nm"
by
Volnelk
|
The weakness is that phone numbers can be cloned and text messages are sent to a phone that is not yours. The text system was never designed to be secure.
Posted by
JD (aka Jason Dean)
Dec 4 '24, 08:06
|
So that's the vector that attackers use.
They clone a number. They have your login but not the password for a site, so they use the reset password function, and the confirming code goes to the number on the account, but the attackers receive the code as they're the ones receiving the texts.
They use the code, reset the password, and then have access to the account.
|