Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: AJL Newsgroups: comp.mobile.android Subject: Re: Codes sent by text message Date: Mon, 11 Mar 2024 13:01:46 -0700 Organization: A noiseless patient Spider Lines: 25 Message-ID: References: <1uppdwld2qlfe$.dlg@v.nguard.lh> <1rjqe3j7o7vxf$.dlg@v.nguard.lh> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Mon, 11 Mar 2024 20:01:43 -0000 (UTC) Injection-Info: dont-email.me; posting-host="1e96981bdaf8a074706b47b2100071d4"; logging-data="4002831"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+lE56emUP3EkkWmsByV5R4" User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 Cancel-Lock: sha1:nFxkKFqLQ22tkuZGSPjxJ7ebyJU= In-Reply-To: Bytes: 2161 On 3/11/2024 9:50 AM, Frank Slootweg wrote: > FTR, the context is sending a code by SMS, that's 2SV (2 Step > Verification), not 2FA (2 Factor Authentication). > > 2FA is about two *factors*, knowledge and possesion. > > 2SV is about two *steps*, in this case 1) (username and) password and > 2) getting/entering the code. > > 2FA is a 2SV process, because it (normally) involves 2 steps. > > But 2SV is not a 2FA process, because it doesn't involve possesion, > you don't own/posses the code, you get the code. FTR Professor Google says they are the same: "With 2-Step Verification, also called two-factor authentication, you can add an extra layer of security to your account in case your password is stolen." Who to believe? Professor Google or Professor Slootweg? Hmmmmm... ;)