Article <usn9oq.2ds.1@ID-201911.user.individual.net>

Deutsch English Français Italiano
<usn9oq.2ds.1@ID-201911.user.individual.net>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Frank Slootweg <this@ddress.is.invalid>
Newsgroups: comp.mobile.android
Subject: Re: Codes sent by text message
Date: 11 Mar 2024 14:59:33 GMT
Organization: NOYB
Lines: 33
Message-ID: <usn9oq.2ds.1@ID-201911.user.individual.net>
References: <ush35k$2791b$1@dont-email.me> <usid1f$2fqif$1@dont-email.me> <su6vbkx86o.ln2@Telcontar.valinor> <1uppdwld2qlfe$.dlg@v.nguard.lh>
X-Trace: individual.net jrT8ruYvXb/GRxNY6GLOAQL6S9V5o1kIn99ruI5POA9nrIv0Oz
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:6AweESo5S7G/hPk2a2pHrexr1cE= sha256:HJHmDkJwFZCQhMcFNhcAz2OCAGWo7j/hjrRnvxVom/w=
User-Agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (CYGWIN_NT-10.0-WOW/2.8.0(0.309/5/3) (i686)) Hamster/2.0.2.2
Bytes: 2254

VanguardLH <V@nguard.lh> wrote:
> "Carlos E.R." <robin_listas@es.invalid> wrote:
> 
> > Newyana2 wrote:
> >
> >> "The Real Bev" <bashley101@gmail.com> wrote
> >> 
> >>> WTF?  Why is the google voice number not a REAL phone number?
> >>
> >>    As V said, the simple answer is that they want to spy.
> > 
> > No, that's not it. Not for a bank.
> > 
> > They want to know that you are an actual person with a phone and 
> > contract. They have to trust the company giving those numbers.
> 
> Well, that *is* tracking to a device.  They hope the device belongs to
> you, and you're the one in charge of the phone when the call arrives.
> Rather a stupid concept: send the code to the same phone that is trying
> to log into a web form.  Geez, of course the thief or hacker just must
> ignore the code sent to that phone for the login they're trying to hack.

  Huh? Who is saying that the "log into a web form" is done on a *phone*?

  It's more likely done on a computer and in that case, the scenario
involves *two* devices and the thief/hacker must be in possesion of the
second device (phone), which he isn't.

  *If* the "log into a web form" is done on a phone, then it's most
likely not a "web form" - i.e. via a web-browser -, but an *app* on the
phone and that app will - together with the bank (or other service
provider) - provide the needed security (by checking hardware IDs, PIN,
fingerprint, etc.).