Millions of people imperiled through sign-in links sent by SMS
Summary
Ars Technica reports on a research finding that many services rely on sign-in links or codes sent via SMS, exposing users to privacy and security risks. The study identified hundreds of endpoints across numerous services with weak token entropy and unencrypted SMS, enabling potential account takeovers and exposure of personal data. The piece discusses mitigations and contrasts with email-based magic links, urging stronger authentication and tighter controls by service providers.