How does 1P relate to "SIM crime"?

WFAWFA

"Mobile carriers give control of our numbers to hackers, who can then drain our bank accounts in minutes."

https://www.nbcbayarea.com/news/local/Mans-1M-Life-Savings-Stolen


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @WFA!

    Unfortunately I get a "Page not Found" error when I try to follow that link. But I can tell you that 1Password does not need phone functionality to work, so I am not sure any attack of this type makes sense for 1Password.

  • BenBen AWS Team

    Team Member
    edited April 2019

    Hi @WFA,

    Thanks for the updated link.

    The 1Password membership service does not use SMS for any sort of authentication so blunders like this by cell carriers wouldn't have any impact on 1Password. We don't recommend using SMS based authentication for any service that you're using. If given the choice TOTP would be the better option, and 1Password can be used as a TOTP authenticator:

    Use 1Password as an authenticator for sites with two-factor authentication

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • BenBen AWS Team

    Team Member

    Update: an earlier version of the post above was mistakenly missing the word "don't." To be clear: we do not recommend SMS for authentication.

    Ben

  • Thank you for that correction, Ben.

  • BenBen AWS Team

    Team Member

    You're very welcome. I'm glad my colleague @rudy spotted it for me. We do have some other posts about how SMS has been problematic in this regard, dating as far back as 2016ish:

    https://discussions.agilebits.com/discussion/65775/is-otp-more-secure-than-sms-code

    Ben

  • I checked a couple of financial institutions and found only SMS authentication, and no QR codes.

    1P's TOTP approach appears a bit daunting anyhow.

  • BenBen AWS Team

    Team Member

    I checked a couple of financial institutions and found only SMS authentication, and no QR codes.

    That's unfortunate.

    1P's TOTP approach appears a bit daunting anyhow.

    It's pretty simple. You just scan the QR code the website gives you using 1Password and then 1Password generates the TOTP codes for you. :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file