frontpage.

I was using my online banking service to transfer money today, and in my country the transfer requires an SMS OTP (yes, I know SMS is terrible for security). I noticed that my Mac automatically filled in the SMS OTP that was sent to my iPhone, even though my iPhone was still locked.

The idea behind SMS OTP is that it proves you "have" the device. But in this case, as long as the device is nearby, my Mac can read and use the code without me unlocking the phone. I don't even need to touch the device. So the "possession" factor doesn’t really work the way it's supposed to.

It got me thinking, are there more examples where 2FA accidentally collapses into a single factor? Or where the two factors aren’t as independent as we assume?

I find this pretty interesting and want to look more into it, but a quick search hasn't turned up much. Does anyone know if people have already written about this?

Ask HN: Opus 4.6 ignoring instructions, how to use 4.5 in Claude Code instead?

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

Ask HN: Ideas for small ways to make the world a better place

Ask HN: Non AI-obsessed tech forums

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

Ask HN: Who wants to be hired? (February 2026)

Ask HN: Who is hiring? (February 2026)

LLMs are powerful, but enterprises are deterministic by nature

AI Regex Scientist: A self-improving regex solver

Tell HN: Another round of Zendesk email spam

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

Ask HN: Is Connecting via SSH Risky?

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

Ask HN: Is there anyone here who still uses slide rules?

Ask HN: How does ChatGPT decide which websites to recommend?

Ask HN: Mem0 stores memories, but doesn't learn user patterns

Kernighan on Programming

Ask HN: Why LLM providers sell access instead of consulting services?

Ask HN: Is it just me or are most businesses insane?

Ask HN: What is the most complicated Algorithm you came up with yourself?

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

We built a serverless GPU inference platform with predictable latency

Ask HN: Does a good "read it later" app exist?

Ask HN: Have you been fired because of AI?

Ask HN: Anyone have a "sovereign" solution for phone calls?

Ask HN: Cheap laptop for Linux without GUI (for writing)

GitHub Actions Have "Major Outage"

Ask HN: Has anybody moved their local community off of Facebook groups?

Ask HN: OpenClaw users, what is your token spend?