• JackGreenEarth
    link
    fedilink
    English
    141 year ago

    It’s not a confirmation via SMS, it’s a verification via SMS, so the attacker has to have your phone number as well as your steam account to attack it, which makes it harder.

    • @chemical_cutthroat
      link
      English
      161 year ago

      That’s why I was saying that this is “working as intended” and that more than likely this was perpetrated by less-than-savory devs who purposefully sold out the people who bought their games. There were no “hackers” only shitty devs that claimed they were hacked after they got caught distributing malware. Again, I may just be overly cynical.

    • TWeaK
      link
      fedilink
      English
      10
      edit-2
      1 year ago

      They’re saying the people who bought the game from the original devs may have been the ones to upload the malware. In that case, they could confirm the SMS very easily.

    • ahriboy
      link
      fedilink
      31 year ago

      And SMS messages can be intercepted. Not a good option, use physical security keys instead!

      • TWeaK
        link
        fedilink
        English
        71 year ago

        Even authenticator apps are generally better than SMS.

        One thing no one talks about with SMS verifications, though, is that it frequently confirms your phone number to the business you’re giving it to. If they’re in the habit of trading user data, this makes the data much more valuable. I think this is the real reason for many businesses that push for it, when normally they could hardly care less about user security.

      • @[email protected]
        link
        fedilink
        English
        31 year ago

        Seriously, while 2FA via SMS is generally much better than nothing, it has zero security so might even make things worse in some cases by providing a false sense of security!

            • LoafyLemon
              link
              fedilink
              11 year ago

              RCS is a replacement for SMS, used by the majority of mobile carriers in Europe, Northern America, and Asia. It is used by default in all supported regions.

              • @[email protected]
                link
                fedilink
                English
                21 year ago

                I know what it is, but it’s got nothing to do with this discussion. What company provides 2FA codes via RCS instead of SMS?

                • LoafyLemon
                  link
                  fedilink
                  2
                  edit-2
                  1 year ago

                  Most of them do, because as you have noted before, SMS protocol is not secure.

                  • @[email protected]
                    link
                    fedilink
                    English
                    51 year ago

                    Do they? I’ve never seen this as an option. In fact, I’ve never even seen RCS mentioned anywhere outside Android enthusiast forums!

      • LoafyLemon
        link
        fedilink
        21 year ago

        Only if you have the access to the same mast, otherwise no. This vastly reduces the number of attack vectors.