Ars Technica

Millions of people imperiled through sign-in links sent by SMS

Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of people, leaving them vulnerable to scams, identity theft, and other crimes, ...
Hosted on MSN

SMS sign-in links are spreading fast and quietly opening doors to hackers

SMS sign-in links rely on possession alone, leaving private accounts dangerously exposed Weak tokens allow attackers to guess valid links and access other users ' accounts Unencrypted text messages ...