I think email is WAY WORSE than SMS/SIM-SWAP.This is not a loophole. Email based 2fa is generally considered as secure as SMS. They both have significant shortcomings. Email can more easily be logged in on multiple devices and security differs widely between providers. SMS is highly susceptible to SIM swap attacks.
Many other banks allow Email 2fa. I know that Chase did (or still does).
Yes, if I was specifically targeted, and with a great deal of effort, I could be SIM-SWAPPED.
However, just clicking a link on my laptop, someone could either steal my banking session (if my device was "trusted"), or, they could EASILY pluck the 6 digit code from gmail which is persistently logged in.
-Mike
Statistics: Posted by MikeT — Fri Apr 26, 2024 7:22 am — Replies 7 — Views 435