Sujet : Re: Codes sent by text message
De : this (at) *nospam* ddress.is.invalid (Frank Slootweg)
Groupes : comp.mobile.androidDate : 11. Mar 2024, 18:50:10
Autres entêtes
Organisation : NOYB
Message-ID : <usng1s.13l8.1@ID-201911.user.individual.net>
References : 1 2 3 4 5 6
User-Agent : tin/1.6.2-20030910 ("Pabbay") (UNIX) (CYGWIN_NT-10.0-WOW/2.8.0(0.309/5/3) (i686)) Hamster/2.0.2.2
VanguardLH <
V@nguard.lh> wrote:
Frank Slootweg <this@ddress.is.invalid> wrote:
Huh? Who is saying that the "log into a web form" is done on a *phone*?
Web traffic volume generated by phones has surpassed web traffic
generated by desktop PCs. Most logins are on phones, not desktops.
https://gs.statcounter.com/platform-market-share/desktop-mobile/worldwide/
Who says that these 'stats' are any indication of "log into a web
form" versus just browsing?
Anyway, in our country (NL), 'desktop' is still slightly higher than
'mobile'! :-) (Both stupid terms, without an explanation.)
And just look at 'Desktop vs Mobile vs Tablet Market Share Worldwide'
to see how silly/meaningless those stats are.
It's more likely done on a computer and in that case, the scenario
involves *two* devices and the thief/hacker must be in possesion of the
second device (phone), which he isn't.
2FA isn't about using 2 devices. It's about 2 pieces of evidence:
password and 2FA code.
FTR, the context is sending a code by SMS, that's 2SV (2 Step
Verification), not 2FA (2 Factor Authentication).
2FA is about two *factors*, knowledge and possesion.
2SV is about two *steps*, in this case 1) (username and) password and
2) getting/entering the code.
2FA is a 2SV process, because it (normally) involves 2 steps.
But 2SV is not a 2FA process, because it doesn't involve possesion,
you don't own/posses the code, you get the code.