| Deutsch English Français Italiano |
|
<usng1s.13l8.1@ID-201911.user.individual.net> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.mixmin.net!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Frank Slootweg <this@ddress.is.invalid>
Newsgroups: comp.mobile.android
Subject: Re: Codes sent by text message
Date: 11 Mar 2024 16:50:10 GMT
Organization: NOYB
Lines: 38
Message-ID: <usng1s.13l8.1@ID-201911.user.individual.net>
References: <ush35k$2791b$1@dont-email.me> <usid1f$2fqif$1@dont-email.me> <su6vbkx86o.ln2@Telcontar.valinor> <1uppdwld2qlfe$.dlg@v.nguard.lh> <usn9oq.2ds.1@ID-201911.user.individual.net> <1rjqe3j7o7vxf$.dlg@v.nguard.lh>
X-Trace: individual.net vTDdl1s61dCUwRRxNMgNfAEfKjxduEhOs68kVJLPj8KwPj3vay
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:zkCCKzehcm9bFIetwsJKD1aikWs= sha256:M4D2ky+Ji06gK08usJcc8Dqjs6S+Crbi8luyGYsbQNA=
User-Agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (CYGWIN_NT-10.0-WOW/2.8.0(0.309/5/3) (i686)) Hamster/2.0.2.2
Bytes: 2437
VanguardLH <V@nguard.lh> wrote:
> Frank Slootweg <this@ddress.is.invalid> wrote:
>
> > Huh? Who is saying that the "log into a web form" is done on a *phone*?
>
> Web traffic volume generated by phones has surpassed web traffic
> generated by desktop PCs. Most logins are on phones, not desktops.
>
> https://gs.statcounter.com/platform-market-share/desktop-mobile/worldwide/
Who says that these 'stats' are any indication of "log into a web
form" versus just browsing?
Anyway, in our country (NL), 'desktop' is still slightly higher than
'mobile'! :-) (Both stupid terms, without an explanation.)
And just look at 'Desktop vs Mobile vs Tablet Market Share Worldwide'
to see how silly/meaningless those stats are.
> > It's more likely done on a computer and in that case, the scenario
> > involves *two* devices and the thief/hacker must be in possesion of the
> > second device (phone), which he isn't.
>
> 2FA isn't about using 2 devices. It's about 2 pieces of evidence:
> password and 2FA code.
FTR, the context is sending a code by SMS, that's 2SV (2 Step
Verification), not 2FA (2 Factor Authentication).
2FA is about two *factors*, knowledge and possesion.
2SV is about two *steps*, in this case 1) (username and) password and
2) getting/entering the code.
2FA is a 2SV process, because it (normally) involves 2 steps.
But 2SV is not a 2FA process, because it doesn't involve possesion,
you don't own/posses the code, you get the code.