sim swapping

[flip111]

I read more and more articles about the dangers of sim swapping. Would be nice to have some guidelines on how to prevent such attacks.

Example article https://www.vice.com/en_us/article/pke9zk/paypal-and-venmo-are-letting-sim-swappers-hijack-accounts

[kingthorin]

Isn't that more of an OS/HW level issue than app/web app?

[flip111]

I don't think so because the topic is cross cutting many technologies and also can involve social engineering. But for (web) app specifically it would at least be a good idea to advise against sending out plain passwords over sms.

[kingthorin]

Fair enough

[Sudhanyo]

Hi! Even though this is a very old issue, it would be great if you could assign it to me.

I could create a sample guideline for preventing SIM Swapping based on similar references and provide a solution to this issue. It would be even better if you could tell me where this guideline would be inserted for the PR.

[kingthorin]

A new control page would make sense if you plan for the content to be about prevention.

https://github.com/OWASP/www-community/tree/master/pages/controls

[Sudhanyo]

Okay. Then I will create the same.

[kingthorin]

@Sudhanyo ?

[Prakhar-Shankar]

@kingthorin
This issue has been open from quite a long time now, can you please assign this issue to me.

[Prakhar-Shankar]

@kingthorin
Please review this PR.

[kingthorin]

Yup as time permits, there's no need to ask. GitHub notifications work fine.

[Prakhar-Shankar]

Yup as time permits, there's no need to ask. GitHub notifications work fine.

Sorry sir, for being impatient.