The problem with 2 factor authentication.

I came across this video yesterday. It tells a very interesting (if not potentially scary) theoretical story. Video by Cheddar.

Here is a summary of the points I got from the video:

  • Your phone number is used for authentication.
  • Phone numbers were not designed to be used for authentication.
  • Phone numbers are vulnerable to hijacking (being stolen).
  • Your phone number is now more valuable than your social security number.
  • Currently, this is an issue. In the future, it will be a problem.
  • You can use burner phone numbers and separate email accounts to protect yourself. If you are not implementing basic good practices (using good passwords, not reusing passwords), then don't waste your time.
  • If available, use a third-party authentication application instead of your phone number.