• shortwavesurfer@lemmy.zip
    1 month ago

    Idiot. Why did they not run those searches over the Tor network to anonymize themselves? That is quite frankly stupid. And the fact that the SEC was using SMS-based two-factor authentication is also stupid. One time pads or bust motherfuckers.

        • cacheson 🏴🔁🍊@piefed.social
          1 month ago

          Ah, gotcha. Those are one-time passwords. Same acronym, so it’s easy to confuse them.

          But yeah, I agree that everything should use (T)OTP for two-factor authentication, instead of SMS messages. The latter mainly provides a false sense of security and presents only a minor hurdle for attackers to overcome.