Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The attacker would have to steal the password and SMSjack someone; that’s a fairly tall order (maybe feasible for targeted attacks, but it should be sufficient to thwart opportunistic attacks.) The problem is that many sites allow password resets with the SMS, thus rendering it 1F, as GP said.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: