That’s all fine except SMS is the defacto method that most use for password rese... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		matt-attack on Dec 27, 2018 \| parent \| context \| favorite \| on: Our Cellphones Aren't Safe That’s all fine except SMS is the defacto method that most use for password resets, dual-factor, etc. This was mentioned in TFA. What does one do about that? I think it would be amazing if banks and financial institutions used iMessage but I can’t see it happen.

hackerman12345 on Dec 27, 2018 [–]

IME most SMS verification is bundled with some additional information submitted by the user (e.g. secret information, ID information).

SahAssar on Dec 29, 2018 | [–]

All of which is pretty easily phished.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact