While you might be confused by the term “SMS 2FA”, there’s no doubt you use it. Lots of apps rely on SMS 2FA messages to verify users. Have you ever had an app or service you use tell you they are going to text a code to your number to verify your account? That’s what SMS 2FA is, and it is not as secure as everyone thought it was. A recent breach makes it clear that you should steer clear of text message verifications.
What’s the Problem with SMS 2FA?
First, let’s break down these acronyms. SMS means “Short Message Service”, but most of us refer to it as texting. 2FA is an abbreviation for “two-factor authentication”. We recently explained how you can use 2FA to keep your social media accounts safe. When you put it all together, SMS 2FA refers to the method of two-factor authentication where a code or one-time password is delivered via text message.
A recent Vice article detailed how easy it was for a hacker to reroute text messages without the owner ever noticing. The hacker misused a legitimate marketing tool to reroute text messages to their own number. The number’s owner gets no indication that their text messages have been redirected, other than the fact that they stop receiving them. Yes, over time you would probably realize there is an issue, but not before the hacker uses the SMS 2FA codes to log into your once-protected accounts and change your password.
What Experts are Saying
Experts have warned us for some time that SMS is not a secure method for 2FA. The website security pros at Sucuri issued a warning in January 2020. They pointed out that SMS is not a secure platform and is primed for bad actors to gain access to personal data. Just last fall, Microsoft urged its customers to move away from SMS 2FA because the information could be easily intercepted.
In light of these warnings, several major cell phone carriers have patched this particular vulnerability, but it is just that: a patch, not a long-term solution. The most recent breach highlights what experts have been warning us about: it’s best to move away from SMS 2FA entirely to protect your accounts.
How to Protect Yourself
The best way to avoid the security issues with using SMS to transmit two-factor authentication codes is simple. Instead of text messages, switch to an authentication app. This method is much more secure because your verification code is generated on your own device instead of being sent to you over the phone network, so there is no text message to intercept or reroute. There are several safe options for two-factor authentication apps. Check out some of these popular options to find the one that works best for your needs:
Now that you know what SMS 2FA is, you can avoid it! It’s just not worth the risk, especially when there are so many safer options to choose from. Are you interested in learning other ways to keep your website and social media accounts secure? Our WordPress Website Technical Audit will take a close look at the “tech stuff” of your site to ensure it’s in tip-top shape!