FlyerTalk Forums - View Single Post - Capital One "security" changes makes international account access difficult
Thread: Capital One "security" changes makes international account access difficult
View Single Post
Old Feb 10, 2019 | 7:55 pm
  #10  
tmiw
FlyerTalk Evangelist
All eyes on you!
10 Years on Site
 
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,742
Originally Posted by pdxer
Less to support.
Sure. At the same time, though, some people (including OP) actually would prefer codes via email and complain as a result. Of course, that may very well be a smaller number than those who prefer SMS codes.

Originally Posted by pdxer
That's the whole problem, it's very easy for an attacker to trick an entry-level frontline employee that they are you, known as SIM hijacking, and now they get your texts and phone calls. After that, they go after your other accounts, with confirmation texts going to them, not you.

SIM hijacking and the flaws of traditional two-factor authentication
How hackers are hijacking your cellphone account
T-Mobile Is Sending a Mass Text Warning of ‘Industry-Wide’ Phone Hijacking Scam
Ideally everyone would use apps like Google Authenticator, but people are already resistant to 2FA as is; having to download a separate app and set it up for various accounts would be a step too far for a lot of people.

BTW email codes likely aren't much better from a security perspective since many people don't have 2FA set up on their email accounts. Not to mention passwords being shared across accounts, etc.
tmiw is offline  
Reply