Kevin Marks, on the “Dishfire” system which apparently hoovers up millions of SMS messages:
if NSA is intercepting all texts, that means text message based two factor authentication is also blown. #dishfire
— Kevin Marks (@kevinmarks) January 16, 2014
I don’t think this is correct. As I understand it, and in all instances I’ve used, the codes delivered by SMS for two-factor authentication are time and use limited: that means after a few minutes, they’re useless, or if you use them once, they can’t be used again.
This means that, in order to be useful to someone, they would need to be monitored in real time and used before you used them – which would, of course, alert you to the fact they’ve been used, as they would fail when you tried it yourself.
Panic over, people.