Tech »  Topic »  Millions of people imperiled through sign-in links sent by SMS

Millions of people imperiled through sign-in links sent by SMS

an hour ago   arstechnica.com

Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of people, leaving them vulnerable to scams, identity theft, and other crimes, recently published research has found.

The links are sent to people seeking a range of services, including those offering insurance quotes, job listings, and referrals for pet sitters and tutors. To eliminate the hassle of collecting usernames and passwords—and for users to create and enter them—many such services instead require users to provide a cell phone number when signing up for an account. The services then send authentication links or passcodes by SMS when the users want to log in.

Easy to execute at scale

A paper published last week has found more than 700 endpoints delivering such texts on behalf of more than 175 services that put user security and privacy at risk. One practice that jeopardizes ...


Copyright of this story solely belongs to arstechnica.com . To see the full text click HERE