Pushing Vendors to Abandon SMS standard
SMS-based authentication continues to be a great way to placate a user into thinking they are safe while creating an avenue for attackers to gain access to their accounts. Fabio Assolini and Andre Tenreiro from Kaspersky published some research that puts numbers in fraud losses to these threats. SIM Swaps cost criminals $10-15/SIM with gains from fraud being over $1,000. That’s a good return on investment. It’s why I’ve become a huge fan of U2F and other non-SMS authenticators (see my guide here). Companies like Yubico have made real multi-factor authentication doable for the masses with zero client-side infrastructure. Major companies like Google and Facebook are leading the charge to remove SMS-based authentication and account recovery options by allowing users ...
Continue Reading