• letsgo@lemm.ee
    33 minutes ago

    They’re comforted by the knowledge that at least they’re not the guy who installs indicators on BMWs.

  • unemployedclaquer@sopuli.xyz
    10 hours ago

    y’all are weird this is how i get income i have an offshore account teeming with crypto from my two-factor homey just gotta take a shit over there in that bush right now

    • Saik0@lemmy.saik0.com
      16 hours ago

      Deeply incorrect as most carriers have the SMS/MMS gateways disabled by default. E.g., you have to enable that function on Verizon. Also you’d see an email as the sending party, not a phone number/shortcode.

      • Forester@pawb.social
        11 hours ago

        I mean I use the system literally daily but okay I don’t know if we’re an approved sender or what or how that works. I just know it gets sent out in an email.

        • Saik0@lemmy.saik0.com
          13 minutes ago

          You can use something and still fundamentally not understand it…

          Here’s an example of a message that’s sent the way you describe. Note the fully shown email address in the from field at the top.

          And here’s a real 2fa short code message. This was not sent via email, this was a registered shortcode number that would be registered with your telephone provider.

          Notice that the real 2fa message doesn’t show a full email address as the sender?

          If your company is relying on the sms/mms mail gateways, then you are not going to be able to reach most of your clients. Here’s the top 5 carriers in the USA.

          Verizon (146 million users) was opt-in for me (I had to turn it on in order to get my Cloudflare alerts to work, can’t rely on email when I’m specifically monitoring the email server). For those who have Verizon, text “status” to 4040 to see if your gateway is active! (https://www.verizon.com/about/account-security/email-to-text-faqs). Though it is entirely possible that it’s no longer opt-in or has changed defaults over time… possibly even repeatedly, my account is very old…

          T-Mobile’s (131 million users) gateway is opt-out last I checked. Meaning that a lot of people will find it once after getting some spam and turn it off.

          ATT (118 million users) turned theirs off outright… https://www.att.com/support/article/wireless/KM1061254/

          Boost Mobile (7 million) relies on AT&T… See above.

          US Cellular (4.4 million) - looks like it’s working.

          These are the five biggest carriers in the USA, with 3 of them defaulting to “no”… If you’re trusting this function to work for your users, then you’re in the wrong from an IT perspective.

          Another reason you know that most companies do not use this mechanism for 2fa… 2fa pins expire. Can’t send 2fa pins that take “A couple of hours” to arrive when that pin expires in 10-15 minutes for most services.

          Most SMS texts come from registered services like Twilio (https://www.twilio.com/en-us/messaging/channels/sms/short-codes), ez texting, salesmsg, textmagic, simple texting, slicktext, textla, etc… For the ones I’ve interacted with, you use their APIs to send messages, and the messages always come from a shortcode or normal phone number, never from an email address. I’ve never… ever ever… received an MFA pin from an email address. Always short codes or full phone numbers.

          Edit: typo