Banks that use TOTP or hardware 2FA instead of SMS?
- Thread starter calvin1719
- Start date
Totp is not sim based. 2fa doesn't mean only sms based 2fa.
Which is the entire point of this thread.
Which is the entire point of this thread.
This is just another video in support of discarding all SMS OTPs. I hope our Indian banks and indian websites stop using SMS OTPs for every single little thing.
dktechsavvy
Disciple
is there any device that can be used to add 2fa code generation process like bank employees use? after watching this video i dont know safe any telecom system is really
You can only use whichever 2fa is supported by the service you're signing in to. Eg Google supports hardware keys, totp, prompts on signed in mobile devices, etc. But banks support nothing but otp. Bunch of idiots.
Correction, kotak does now support approving sign in using their mobile app. But still not as good as other methods.
Correction, kotak does now support approving sign in using their mobile app. But still not as good as other methods.
If i remember correctly then ss7 vulnerability is only applicable when companies are using 2g, 3g networks and not when using 4g or 5g as they don't ss7.
Jio is 4g or 5g only.
KAKAN
Disciple
Towards the end, he also explains the risk is that tele operators use SS7 for routing amongst themselves, so it's still being used if you're using 4G/5G and calling a different network.
Kinda like BGP vs OSPF/EIGRP. Not a great comparison, but gets the point across.
While the OTP is compromised, that is the second F in 2FA. You still need to intercept that specific browser or app session where you logged in with your password and about to enter the OTP. Or that payment session of the bank OTP authentication page.
How do they achieve that remotely ?
Of course safer would be to move from SMS OTP to something like a RSA soft token.
How do they achieve that remotely ?
Of course safer would be to move from SMS OTP to something like a RSA soft token.