Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Furthermore, telegram forces you to link your account with a phone number, and that acts as the primary (or only) form of authentication, opening you up to sim-jacking.

Linking phone or use it for 2FA should be like red light today. For Telegram, banking app, don't matter.



Turns out you can also add a password to your telegram account to act as a form of 2FA, kinda odd but that's that I guess.


Actually, there's something interesting to note. If you enable 2FA, it's not possible to recover your account without either the password or the recovery email (if any). However, via SIM-jacking an attacker can still erase all data in your account and then take it over.


Because Telegram like many mobile apps, doesn't want anonymous users because you cannot sell them to advertisers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: