Houndstooth Media Group

a creative digital strategy agency

  • Services
    • Social Media Management
    • Website Design & Development
    • Content Creation & Management
    • Marketing Strategies
    • Consulting
  • Products
  • Blog
  • About
    • Our Team
  • Contact
  • We’re Hiring
  • Our Work
  • Testimonials

Why SMS 2FA is Not Secure

August 10, 2021

While you might be confused by the term “SMS 2FA”, there’s no doubt you use it. Lots of apps rely on SMS 2FA messages to verify users. Have you ever had an app or service you use tell you they are going to text a code to your number to verify your account? That’s what SMS 2FA is, and it is not as secure as everyone thought it was. A recent breach makes it clear that you should steer clear of text message verifications.

SMS 2FA is not secure

What’s the Problem with SMS 2FA?

First, let’s break down these acronyms. SMS means “Short Message Service”, but most of us refer to it as texting. 2FA is an abbreviation for “two-factor authentication”. We recently explained how you can use 2FA to keep your social media accounts safe. When you put it all together, SMS 2FA refers to the method of two-factor authentication where a code or one-time password is delivered via text message.

A recent Vice article detailed how easy it was for a hacker to reroute text messages without the owner ever noticing. The hacker misused a valid marketing tool to reroute text messages to their number. The number’s owner has no inkling that their text messages have been redirected, other than the fact that they stop receiving text messages. Yes, over time you would probably realize there is an issue. But not before the hacker logs into your various accounts and uses SMS 2FA to log into your once protected accounts and change your password.

What Experts are Saying

Experts have warned us for some time that SMS is not a secure method for 2FA. The website security pros at Sucuri issued a warning in January 2020. They pointed out that SMS is not a secure platform and was primed for bad actors to gain access to personal data. Just last fall Microsoft urged their customers to move away from SMS 2FA because the information could be easily intercepted.

In light of these warnings, several major cell phone carriers have patched this particular vulnerability, but it is just that: a patch fix and not a long term solution. The most recent breach highlights what experts have been warning us about: it’s best to move away from SMS 2FA entirely to protect your accounts.

How to Protect Yourself

The best way to avoid the security issues with using SMS to transmit two-factor authentication codes is simple. Instead of text messages, switch to an authentication app. This method is much more secure because your verification code is never transmitted anywhere, so it can’t be intercepted. There are several safe options for two-factor authentication apps. Check out some of these popular options to find the one that works best for your needs:

  • Google Authenticator
  • Microsoft Authenticator
  • Adobe Authenticator
  • LastPass
  • Twilio

Now that you know what SMS 2FA is you can avoid it! It’s just not worth the risk, especially when there are so many safer options to choose from. Are you interested in learning other ways to keep your website and social media accounts secure? Our WordPress Website Technical Audit will take a close look at the “tech stuff” of your site to ensure it’s in tip-top shape!

  • Facebook
  • Instagram
  • LinkedIn
  • Pinterest
  • Snapchat
  • YouTube
  • Author
  • Recent Posts
Houndstooth Media Group
Latest posts by Houndstooth Media Group (see all)
  • Is TikTok Getting Banned? Things to Consider – March 14, 2023
  • Balancing Artificial Intelligence and Human Touch in Content Creation – February 21, 2023
  • What Should Your Website Be Doing For Your Business? – December 20, 2022

Share This Post

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
Linkedin

Recent Posts

Hands holding a phone looking at TikTok.

Is TikTok Getting Banned? Things to Consider

Balancing Artificial Intelligence and Human Touch in Content Creation

Balancing Artificial Intelligence and Human Touch in Content Creation

smartphone displaying LinkedIn logo

What Should Your Website Be Doing For Your Business?

Recommended Services

WP Engine

Copyright © 2023 Houndstooth Media Group · Our Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.