Two-factor Auth has been hacked

[John Connor]

The attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.

http://gizmodo.com/how-hackers-reportedly-side-stepped-gmails-two-factor-a-1653631338

 

[Suspicious-Teach8788]

Never use SMS as 2FA. Rely on an authenticator.

 

[John Connor]

I wanted to use 2 factor on NameSilo, but I needed a Smartphone. I don't have a Smartphone because I don't like using my finger for navigation and typing. But the security questions and password should be pretty good. I use PWDhash in my browser. And the security questions I never give the right answer to. Like, Question: what is your favorite color? Answer: Dirt.

 

[tential]

Security Question Answers should never be an answer to the Question lol.

 

[John Connor]

Exactly! That's what I mean.

 

[PrincessFrosty]

Cellular networks aren't secure outside of very specific setups on very specific hardware, GSM has been cracked for a long time now and can be passively intercepted by anyone with a few hundred dollars of equipment, almost all phones fall back to GSM when other bands are unavailable which is easy to do by blocking with a transmitter.

To my knowledge there's no mass GSM hacking going on, but targeted GSM hacks against 2 factor auth is perfectly plausible for hackers local to you.

 

[John Connor]

Unencrypted DECT 6.0 is hacked too.