Content deleted Content added
→Mobile phone two-factor authentication: Added advances in mobile two-factor authentication to includes references to scholarly articles, web pages, and a Google Patent. |
→Mobile phone two-factor authentication: Account recovery typically bypasses mobile phone two-factor authentication.; reference |
||
Line 34:
* Text messages to mobile phones using [[Short Message Service|SMS]] are insecure and can be intercepted. The token can thus be stolen and used by third parties.<ref>[http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4625610 SSMS – A Secure SMS Messaging Protocol for the M-Payment Systems], Proceedings of the 13th IEEE Symposium on Computers and Communications (ISCC'08), pp. 700–705, July 2008 {{arxiv|1002.3171}}</ref>
* Text messages may not be delivered instantly, adding additional delays to the authentication process.
* Account recovery typically bypasses mobile phone two-factor authentication.
<ref name="">{{cite web | last = Rosenblatt | first = Seth | coauthors = Jason Cipriani | title =Two-factor authentication: What you need to know (FAQ) | publisher =CNET | date =June 15, 2015 | url =http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/ | accessdate = 2016-03-17}}</ref>
* Modern smart phones are used both for browsing email and for receiving SMS. Email is usually always logged in. So if the phone is lost or stolen, all accounts for which the email is the key can be hacked as the phone can receive the second factor. So smart phones combine the two factors into one factor.
* Mobile phones can be stolen, potentially allowing the thief to gain access into the user's accounts
| |||