Monday , 16 July 2018
Home >> Mobile & Wireless >> A bad day with mobile 2FA

A bad day with mobile 2FA

As a longtime proponent of two-factor authentication (2FA) in a mobile world, I was pained to get hit with two problems using 2FA on Thursday (April 4). But maybe the ability to publicize those two mobile-oriented problems with 2FA will do some good, if sites just pay attention.

The day started with my trying to link to an interesting mobile security story in my social feed (yes, that would shortly prove ironic). The story link wouldn’t work for me, with my browser telling me the site had redirected me too many times. It suggested that I clear out my cookies. That made little sense to me given the immediate problem, but I was overdue for a cookie cleanout anyway, so I gave it a shot.

It didn’t help, of course. I came up with a workaround (I linked to the story’s comments, which worked just fine). Next, I visited various social sites. One of my favorites — a small and little-known site — asked for my login and password. I complied, and it then escalated to 2FA. It didn’t give me any options about the second factor (which is mobile 2FA problem number one) and insisted on texting me a confirmation number.

I waited but nothing arrived. So I asked it to do it again and again. Nothing. That’s when I realized that the site was likely trying to text my landline. And that is mobile 2FA problem number two: If you’re asking for my phone number so that you can text me sometime down the road, tell me that, and I’ll give you my cellphone number. Otherwise, you’ll get the number I most often answer, my landline, and it will do you no good when it’s really needed.

==[ Click Here 1X ] [ Close ]==