Hacker News new | past | comments | ask | show | jobs | submit login

Can anyone on HN please explain why, why, WHY are we still using SMS/telephony which has exactly 0 encryption wh---I guess that's the reason?

It's insane. I've heard banks using SMS!!!! To send a code. We have TOTP for that! Or even perhaps a push notification or something better than bloody SMS.

I refuse to use the networking system altogether. No phones, no calls. Of course you do 'need' a number so I keep one handy, but I haven't read a text or made a phone call in a long while.

It needs to die. NOW. Outlaw SMS!




> I've heard banks using SMS!!!!

It sounds like you're incredulous that even banks are being insecure, but history has shown that you can expect banks to be roughly last in terms of competent and secure IT. I trust my Walmart.com account info to be safer than my bank info.


It's because SMS works without data.

I doubt that most of the people that complain about SMS live in rural areas. It seems to be more of a US thing. The country is so large that unless you live in a city you just won't be able to get data reliably. This leaves SMS as the only form of phone communication that isn't a voice call.


Agree, SMS just work, everywhere and always, with every mobile phone.


It's simple, it works with the dumbest of mobile devices, and people understand it.

Even installing and using a TOTP app, and configuring it to work with an online login, is a hurdle that a non-negligible number of users cannot pass.

It's better than nothing.


I don't know anything about the technical details with this, but I wonder why mobile service providers don't just kill off regular SMS and calling, and start providing service exclusively through data connections? The infrastructure for that old stuff can't be free for them, there must be some significant costs associated with it.

Maybe Starlink will be able to provide a mobile phone service that only offers a data connection one day, and that will be the "disruption" the mobile industry needs.


As far as I know, newer cell phone standards only define how to transmit data. Phone calls are simply layered on top of that.


Can my website send 2fa tokens via iMessage?





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: