The security implications of building resource-efficient technology
Technology
Exposing The Flaw In Our Phone System
What's good is that the predominant method for 2FA - sending a text message to your phone - is *less* secure than the method for 1FA.
It's the most used method for 2FA, but has *by definition* never been an actual method for 2FA. Companies just decided “yeah we can use phone numbers” against the advice of the actual security operations people.
On top of the vulnerabilities of the networks themselves, literally alerting an exploiter that "this account is being accessed *right now*, so have at it".
What's particularly interesting about this story/situation is that the older and less secure tech is difficult to evolve from because:
1. it's ubiquitous
but also (and this is the more interesting part)
2. it's comparatively lightweight in terms of implementation and maintenance, and therefore cheaper, which is the real key as always
It's a really good example of how crucial it is to build tech that's resource-efficient, but i had never thought of it in terms of security.
The conclusion is that even if security considerations are kinda irrelevant because in time any system *will* be hacked, you're still way better off building the most resource-efficient tech possible because that will speed up the adoption and distribution of more secure technology.
Planet Earth
2024-09-21
video by Veritasium // story by Elias Gabriel and Philip Shearer