this post was submitted on 20 Dec 2024
644 points (98.6% liked)

[–] shortwavesurfer@lemmy.zip 66 points 10 months ago (1 children)

Been saying that for years. It's about damn time.

[–] Screen_Shatter@lemmy.world 17 points 10 months ago (2 children)

SMS spoofing and SIM swapping have been around for ages. It was never secure and that's always been known. The number of companies that rely on it despite sending me a zillion other fucking useless emails is too damn high! Email, or better yet, an authenticator app, are far more secure. Not perfect, but better.

[–] shortwavesurfer@lemmy.zip 5 points 10 months ago (1 children)

One big reason I'm hesitant to keep my money in banks is because banks think the best form of two-factor authentication is text message based 2FA and I'm like that's barely any 2FA at all.

[–] Screen_Shatter@lemmy.world 6 points 10 months ago (1 children)

My banks are like that too. Of course I can't speak to anyone who might influence that decision. Steam has better security than almost any other account I have. I appreciate them for that but it also seems ludicrous to me that my video games are more secure than my bank accounts.

[–] shortwavesurfer@lemmy.zip 4 points 10 months ago (1 children)

I keep my money in Monero. That way, it's me who has to be targeted instead of an institution. And if I fuck up and lose it, it's my own damn fault.

[–] Screen_Shatter@lemmy.world 3 points 10 months ago (1 children)

I have some crypto, some stocks, etc. For many things I still need standard banking though. Crypto just isn't there yet. Maybe someday... But having money distributed is still smart either way, so I have many baskets for my eggs.

[–] shortwavesurfer@lemmy.zip 1 points 10 months ago

I keep a little bit in the bank, like enough to pay my bills and such, but any extra I put into Monero.

[–] frostysauce@lemmy.world 2 points 10 months ago (1 children)

Wait, how is email more secure than SMS?

[–] Screen_Shatter@lemmy.world 3 points 10 months ago (1 children)

https://en.m.wikipedia.org/wiki/SMS_spoofing

So, it's not that the message itself is insecure, but the inability to verify the sender makes phishing attacks possible or similar things. I get a text from a random number saying "click this link to pay your bill!" And I don't have any way to trust it's legit.

SIM swaps make it so people can take over your phone number temporarily and then generate 2FA requests to gain access to accounts. Doing the swap usually involves bribing someone or gaining access to a provider's database by other means, but it's been done a lot.

There are ways to prevent this, but the most straightforward is using an MFA app. Barring that, 2FA via email is the next best thing.

[–] frostysauce@lemmy.world 2 points 10 months ago (1 children)

Forgive my ignorance, aren't emails sent in plain text that can be read by any of the networks they are passed between? I've always been taught email is the least secure of any communication.

[–] Screen_Shatter@lemmy.world 3 points 10 months ago (1 children)

I'm not a security expert so my ability to explain is limited, but no, emails have long used encryption protocols like SSL to prevent such problems. However, your email provider may scan and read your emails. That's not much different than a text message service reading those messages, but you can choose your provider. From what I can tell proton.me is the way to go for resolving that issue - they provide encryption which prevents their own machines and employees from being able to read your messages and other data. Otherwise, your email is basically as secure as your passwords are.

[–] frostysauce@lemmy.world 2 points 10 months ago (1 children)

OK, I had no idea what I was talking about, lol. Thanks for responding!

[–] Screen_Shatter@lemmy.world 2 points 10 months ago

No prob, this stuff is difficult to keep up with. I'm still always learning and hoping I'm doing it right.