SMS does still help to mitigate a common attack...folks trying out password dump... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ptoomey3 on Feb 4, 2019 \| parent \| context \| favorite \| on: Two-factor auth with public-key cryptography SMS does still help to mitigate a common attack...folks trying out password dumps on other sites. But, I don’t disagree we need to move on when we have more options to choose from. Right now the best looking option is webauthn with platform authenticators.

def_true_false on Feb 5, 2019 [–]

If password reuse is a problem, one should be solving that problem instead of it's symptoms. "Have I Been Pwned" comes to mind.

https://haveibeenpwned.com/API/v2#PwnedPasswords

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact