One chestnut from my history in lottery game development:
While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.
Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
Sim swap is quite easy if you are convincing enough for support at an ISP doing phone plans.
Now imagine if I sim-swapped your 2FA codes :)
Exactly this. Instead you should use a phone app like Aegis or proprietary solutions like MS Authenticator to MFA your access because it’s encrypted.
Thenks! I really don’t want to be forced into an app, but it’s good to know the reason why.