This is a good reminder to not use text messing to your cellphone for two factor authentication on your accounts, and always use an authenticator app.
@jordicusmaximus
Absolutely, but a surprising number of very large companies only support MFA via SMS.
Not here! In fact, we don't support SMS MFA at all here.
@th3j35t3r @voltronic I mean, to be fair, CoSo ain't your typical IT picnic basket when it comes to infosec. 😉
@jordicusmaximus @th3j35t3r
Yup, I've got Authy enabled here, and CoSo also lets me use my preferred 128 random-character generated passwords as well. Stick that in your rainbow table and smoke it.
Oddly enough Google supports passwords of that length, but one of my banks is only 32 (and only SMS or email for MFA).
^ I recommend people contact their mobile provider and add a passcode to their account. I did this a few years back. Any account changes require that passcode to be provided verbally to a customer service rep, which should shut down most SIM-swap attacks.
What's being described above though, that might still go through.