this post was submitted on 17 Oct 2024
81 points (98.8% liked)

[–] [email protected] 8 points 4 weeks ago* (last edited 4 weeks ago) (8 children)

Idiot. Why did they not run those searches over the Tor network to anonymize themselves? That is quite frankly stupid. And the fact that the SEC was using SMS-based two-factor authentication is also stupid. One time pads or bust motherfuckers.

[–] [email protected] 6 points 4 weeks ago (5 children)

> One time pads or bust motherfuckers.

Not sure if you're being facetious, but one time pads are for encryption, not authentication. They're also impractical (and overkill) for most purposes.

[–] [email protected] 4 points 4 weeks ago (4 children)

OTP 2FA Codes are one time pads

[–] [email protected] 5 points 4 weeks ago

Ah, gotcha. Those are one-time passwords. Same acronym, so it's easy to confuse them.

But yeah, I agree that everything should use (T)OTP for two-factor authentication, instead of SMS messages. The latter mainly provides a false sense of security and presents only a minor hurdle for attackers to overcome.
