{"id":23010,"date":"2018-10-05T15:11:27","date_gmt":"2018-10-05T19:11:27","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=23010"},"modified":"2018-10-05T15:11:27","modified_gmt":"2018-10-05T19:11:27","slug":"sms-text-message-login-codes-autofill-but-remain-insecure","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2018\/10\/05\/sms-text-message-login-codes-autofill-but-remain-insecure\/","title":{"rendered":"SMS Text Message Login Codes Autofill But Remain Insecure"},"content":{"rendered":"<p><a href=\"https:\/\/tidbits.com\/2018\/10\/04\/sms-text-message-login-codes-autofill-in-ios-12-and-mojave-but-remain-insecure\/\">Glenn Fleishman<\/a>:<\/p>\n<blockquote cite=\"https:\/\/tidbits.com\/2018\/10\/04\/sms-text-message-login-codes-autofill-in-ios-12-and-mojave-but-remain-insecure\/\">\n<p>Sites originally chose to use SMS-based code validation for 2FA to lower the barriers to &nbsp;2FA&mdash;more people understand SMS than authentication apps. And, regardless of the vulnerabilities of SMS, it&rsquo;s far better to use a second factor than not, because it deters wholesale attacks against accounts. Even if an attacker gained access to all the decrypted passwords for a service, every account with 2FA enabled would still be able to resist unauthorized logins. But SMS-based 2FA is vulnerable to targeted attacks and identity theft.<\/p>\n<p>Apple&rsquo;s proprietary 2FA system for macOS and iOS remains extremely robust, but it still allows the use of SMS and voice calls as a backup when trusted devices aren&rsquo;t available.<\/p>\n<p>[&#8230;]<\/p>\n<p>While it&rsquo;s admirable Apple has streamlined SMS code entry, it would be even more so if the company would kickstart the move away from SMS. <\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Glenn Fleishman: Sites originally chose to use SMS-based code validation for 2FA to lower the barriers to &nbsp;2FA&mdash;more people understand SMS than authentication apps. And, regardless of the vulnerabilities of SMS, it&rsquo;s far better to use a second factor than not, because it deters wholesale attacks against accounts. Even if an attacker gained access to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-10-05T19:11:29Z","apple_news_api_id":"d8ae9133-c0b3-4a9a-bfcd-ef70946530c6","apple_news_api_modified_at":"2018-10-05T19:11:30Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A2K6RM8CzSpq_ze9wlGUwxg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[],"tags":[31,1610,30,1609,48,1393],"class_list":["post-23010","post","type-post","status-publish","format-standard","hentry","tag-ios","tag-ios-12","tag-mac","tag-macos-10-14","tag-security","tag-short-message-service-sms"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/23010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=23010"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/23010\/revisions"}],"predecessor-version":[{"id":23011,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/23010\/revisions\/23011"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=23010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=23010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=23010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}