HackerTrans
TopNewTrendsCommentsPastAskShowJobs

GregHolmes

no profile record

Submissions

Using your SIM card for MFA when logging in to an SSH server

developer.tru.id
16 points·by GregHolmes·vor 4 Jahren·33 comments

comments

GregHolmes
·vor 3 Jahren·discuss
Very useful!
GregHolmes
·vor 3 Jahren·discuss
Hey everyone on Hacker News,

We at Ably have just released Spaces, a product enabling developers to implement Collaborative interactions and work within their applications. Coupling this with Ably's Channels product, you can build a fully interactive feature within your apps. If you're interested and have a usecase you'd appreciate some content on this, feel free to join our Discord, I'd love to have a chat with you. https://discord.gg/jwBPhEZ9g5
GregHolmes
·vor 4 Jahren·discuss
We do not verify any of your personal information. We neither have access to that nor store any of it on our system. Our PhoneCheck product simply returns a true or false. Is your phone number tied to this SIM Card. This is information the MNO already has, they know your phone number and your SIM Card. The request is made over a cellular data connection from your device to the MNO
GregHolmes
·vor 4 Jahren·discuss
No, the check url created from the request is made by the mobile network operator assigned to that phone number.

The mobile device makes the GET request to that check url over a cellular data request. The MNO verifies the phone number assigned to that sim card making that data request matches phone number used in the creation of that check url.
GregHolmes
·vor 4 Jahren·discuss
Sorry, answering to your other questions. We are ever increasing coverage, but currently have quite a number of countries in Europe, most of India covered, Canada is covered. the US is in progress.
GregHolmes
·vor 4 Jahren·discuss
If you were, for example building a mobile application. tru.ID's PhoneCheck is superior to SMS in several ways. The first is, it provides a seamless UX. The user only has to enter their phone number (or your backend may already have this stored?). Then all they see is a couple seconds loading followed by a success or failure.

It's also taking away the possibilities of the user entering numbers incorrectly (TOTP for example).

Some countries have started introducing rules for certain industries where they're not allowed to switch between apps on a mobile phone. For example when trying to find their Authenticator app or checking their SMS/email for a TOTP.

And finally, it is phishing resistant. You can phish for a users TOTP. You can't with a data connection the mobile device itself has to make over cellular data to the mobile network operator directly.

There is an API specifically for SIM Swap. Or SubscriberCheck does both PhoneCheck and SimSwap together. Further increasing the security of the authentication process for the mobile app.
GregHolmes
·vor 4 Jahren·discuss
The phone number is used to create the check url. This check url is returned from the mobile network operator that phone number and SIM card belong to.

The device makes a GET request to the check url, with a cellular data connection. The mobile network operator is able to verify that the phone number used to create the check URL matches that of the phone number assigned to that SIM Card making the data connection request.

And if SIM Swap is a concern, we also have an API that allows you to first check whether that phone number has recently switched SIM cards before proceeding with the verification.
GregHolmes
·vor 4 Jahren·discuss
If they're suffering from some form of burn-out or are in a bad way mentally right now, going to a smaller company can make it a lot worse. Smaller companies tend to expect you to wear multiple hats, lots of context switching. It can worsen the situation for them.
GregHolmes
·vor 4 Jahren·discuss
I've seen others discuss burn-out. It does sound a bit like you're in this boat. I have been a developer for a similar amount of time as you and I am around the same age as you. Yes there is an ever increasing number of applicants at roles, but reply anyway. The majority of these 300+ are discarded for various reasons.

During the pandemic I altered my career slightly, I went into Developer Relations. I still write code, but I also do so many other things. However, if you are suffering burn-out, moving into different roles/careers could further worsen the burn-out.

Personally, I'd take a step back and if you haven't already start introducing a very strict work-life balance. Work 9-5 and no other, take up a hobby that gets you doing something completely unrelated. If you're in a better state mentally, then you would be able to see your work life in a clearer healthier manner.
GregHolmes
·vor 4 Jahren·discuss
I recently wrote this tutorial to add an extra factor of authentication when logging in to an SSH server, using tru.ID's PhoneCheck, which uses your SIM card and an active data connection to the mobile network operator. Let me know what you think?