Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Call verification alone is pretty vulnerable. For a social network login, it might be OK. For access to all your information (which is what Google is heading towards, and is already for some people) it's not great. If someone steals your phone number, it's game over. (AFAIK if you verify via phone you can bypass 2FA, right?)


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: