Products > Test Equipment
Ebay SCAMS?
<< < (6/12) > >>
jpanhalt:
I understand the need for safety, but just like face masks, I am skeptical every "enhancement" actually helps much.  I don't mean some predicted advantage, but rather actual data.

Case on point, PayPal (USA) will not let you sign on to your account using either e-mail or landline to one's registered address.  It must be a text capable mobile device.  Any data to support that?
bd139:
Yes. That’s usually a separate physical device.

So the credentials are something YOU know.

The SMS is delivered to something YOU have.

Some dude in North Korea does not have your phone.
AVGresponding:

--- Quote from: bd139 on August 15, 2022, 02:31:24 pm ---Yes. That’s usually a separate physical device.

So the credentials are something YOU know.

The SMS is delivered to something YOU have.

Some dude in North Korea does not have your phone.

--- End quote ---

SIM cloning is a thing. The safest thing is to never assume you are safe, and to keep an eye on your paypal account etc.
bd139:

--- Quote from: AVGresponding on August 15, 2022, 05:53:19 pm ---
--- Quote from: bd139 on August 15, 2022, 02:31:24 pm ---Yes. That’s usually a separate physical device.

So the credentials are something YOU know.

The SMS is delivered to something YOU have.

Some dude in North Korea does not have your phone.

--- End quote ---

SIM cloning is a thing. The safest thing is to never assume you are safe, and to keep an eye on your paypal account etc.

--- End quote ---

That's very bad security advice.

SIM cloning is not a concern. It requires physical access to the SIM card. The point of this is to prevent remote attacks to your credentials by physically partitioning them. The guy in North Korea can't clone your SIM when your phone is in your pocket but he can rip off your leaked credentials. But they are absolutely no good if you have your SIM in your device.

Also if all of your credentials are exposed then you are 100% compromised already. Your money is gone. And Paypal and eBay have no liability to give it back because you handed the keys over with your bad security posture. And if you just have a username and password then you're already exposed.

This is why 2FA is important and SMS is good enough.

For ref I use a Yubikey authenticator - that's a completely physically isolated factor.
jpanhalt:

--- Quote from: bd139 on August 15, 2022, 02:31:24 pm ---Some dude in North Korea does not have your phone.

--- End quote ---

Probably not, but some dude in Chicago might.  Cell phones are often stolen or lost.  My home landline is buried up to the house and then screwed to its walls.

What's the difference between sending to a cell phone and sending to my registered PC? 

And finally, you are talking theory, not data.  What the incidence of fake sign-ins from registered PC's or landlines v. cell phones?
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod