Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
deredede 5 days ago

The article starts with this description of 2FA:

> an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more distinct types of evidence (or factors) to an authentication mechanism.

and concludes with (emphasis mine):

> For the average user, the smartphone has become a single point of failure, where the theft of one device and one piece of knowledge (the passcode) can lead to total financial compromise.

Looks like 2FA to me, not 1FA.

hn_throwaway_99 5 days ago | parent | next [-]

Furthermore, these days I enter the passcode on my phone very rarely (Android requires it after restarting the device or after some amount of time) - normally I use biometric authentication.

The linked WSJ article is a bit hyperbolic and typical journalism overreach by calling it an Apple "security vulnerability", which is bullshit IMO. If you watch the interview with the guy in jail, the main method by which he got people's security code is he asked them. That is, he would tell people he had drugs to sell them and wanted to give them info, so he would get their phone and ask them for their code to unlock it.

At least the WSJ report is honest when it says "The biggest loophole: You".

tialaramex 5 days ago | parent | prev | next [-]

Also in-person theft is both something our civilisation understands and has adapted to, and it does not scale. So it's never going to be a problem the way say password re-use is or many other maladies from the use of "passwords" for online security.

oytis 4 days ago | parent | prev | next [-]

Compromising the smartphone can let you get the password though, making it one factor. It would be more 2FA if you entered password on one device and used another (Yubikey, physical totp token) as a second factor.

2716057 5 days ago | parent | prev [-]

The issue I'm having with this sort of "something you own and something you know/are" two-factor authentication is that it has some potential to cause violence - both can be beaten out of you: https://www.citizen.co.za/network-news/lnn/article/banking-a...

true_religion 5 days ago | parent | next [-]

This is true with 1FA too. 2FA is more effective at stopping the case where you're hacked and you don't even know it because your password was in a leak.

Leszek 5 days ago | parent | prev [-]

What can't though?

2716057 5 days ago | parent | next [-]

A TAN generator or security key stored in a drawer at home. At least it reduces the opportunities for theft since people don't carry these devices with them all the time as opposed to their phones. Opportunity makes the thief.

frollogaston 4 days ago | parent | next [-]

Idk how this would play out, they might force you to go get that

em-bee 4 days ago | parent | prev | next [-]

if i have to use it every time i want to make a payment, then i have to carry it with me,

j-bos 5 days ago | parent | prev [-]

Yeah I often think the issue with cash and crypto is that it can be easily forced away from an individual by any sufficienty armed and unscrupulous party. Money in a financial institution tends to have an upper limit on what could be forced away in a single act, or at least a single transction cycle.

fakedang 4 days ago | parent | prev | next [-]

Staying anonymous. For every single multimillionaire or billionaire out there flaunting their wealth, there is another who's equally secretive about it. There are many folks with tens of billions in assets who don't make their wealth part of their brand.

Like that guy in Texas whose estate paid billions in tax when he passed away.

4 days ago | parent | prev [-]
[deleted]