It’s time to ditch SMS-based 2 Factor Auth

Phone numbers are not reliable. Phone numbers can be hijacked. Phone numbers change.

Phone numbers stop working when you are traveling and not roaming. Phone numbers don’t work when you are using in-flight Wi-Fi. Phone numbers can stop receiving text messages/calls for a million of other reasons, effectively either (1) locking users out of an account or (2) compromising the account altogether.

Chrome lets hackers phish even ‘Unphishable’ Yubikey users

Two weeks ago, in a little-noticed presentation at the Offensive Con security conference in Berlin, security researchers Markus Vervier and Michele Orrù detailed a method that exploits a new and obscure feature of Google’s Chrome browser to potentially bypass the account protections of any victim using the Yubikey Neo, one of the most popular of the so-called Universal Two-Factor, or U2F, tokens that security experts recommend as the strongest form of protection against phishing attacks.