> SMS is still better than no 2FA Not if it can be social engineered into a 1FA ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		account42 on Jan 23, 2023 \| parent \| context \| favorite \| on: Ask HN: How do you trust that your personal machin... > SMS is still better than no 2FA Not if it can be social engineered into a 1FA password reset. Better not to give companies your phone number at all.

andix on Jan 30, 2023 [–]

Yes, that’s true. It should really only be used as second factor and not as a single factor for password resets. I’ve seen this too, and it’s awful. If sms is used for password resets, there should be at least an email notification and a waiting period of a few days.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact