If sms is used as second factor, someone can call your mobile company and pretend to need a copy of the sim and they will sometimes get it. At that point they can get all your sms messages.
You are viewing a single comment's thread from:
If sms is used as second factor, someone can call your mobile company and pretend to need a copy of the sim and they will sometimes get it. At that point they can get all your sms messages.
Yes that is right. Social Engeneering is an often used attack vector.
But I don’t think Authy can be restored only with sms. If this is so there is no need for Authy at all.