#37 – Text-Message Security Codes No Longer “Good Enough”



AFFECTED USERS: Everyone (with an online password = everyone), ESPECIALLY Android Users

Hair of fire 4 of 5

SUMMARY: You worry about your passwords getting hacked or stolen. So, you turn on “Two Factor Authentication,” also known as ‘2FA,’ ‘One-Time Passcodes,’ ‘SMS Security Codes’ and other names. Once you turn on Two Factor Authentication, you breathe a sigh of relief – you’re safe!

Not really.

In a recent Forbes article, author Zak Doffman writes:

Jargon alert:

  • 2FA = Two factor authentication, or the code that is sent to your phone via text
  • SMS = Short Message Service, or text messages

The greatest benefit with SMS is also its greatest weakness. The reason (2FA has become a) default is that we all have access to a cell phone and an SMS messenger. There’s no need to run a separate authenticator app to produce one-time codes, there’s no need to carry around digital keys, it works across all apps and platforms and doesn’t rely on any specific ecosystem.

But, behind the façade, the SMS system over which those codes are being sent is wide open. An archaic network that runs across mobile networks worldwide, where there’s no end-to-end encryption, where you have no way to know over which networks your message travels in open-text form between sender and recipient. Last year, the FBI warned that 2FA had inherent weaknesses, advising us to opt for biometrics…

Why You Should Stop Using SMS Security Codes—Even On Apple iMessage, October 11, 2020, Forbes

Here with me to talk about this today is: Derly Gutierrez, known more commonly as ‘DerlyG.’

Derly is an Information Security leader with over 20 years of experience. He has four degrees and 12 certifications, and he has served the US Air Force, US Army, the NSA, and even a few Fortune 500 companies.

Welcome Derly.

What is the problem with Two Factor Authentication through a text message?

Published by

David W. Schropfer

David W. Schropfer is a technology executive, author, and speaker with deep expertise in cybersecurity, artificial intelligence, and quantum computing. He currently serves as Executive Vice President of Operations at DomainSkate, where he leads growth for an AI-driven cybersecurity threat intelligence platform. As host of the DIY Cyber Guy podcast, David has conducted hundreds of interviews with global experts, making complex topics like ransomware, AI, and quantum risk accessible to business leaders and consumers. He has also moderated panels and delivered keynotes at major industry events, known for translating emerging technologies into actionable insights. David’s entrepreneurial track record includes founding AnchorID (SAFE), a patented zero-trust mobile security platform. He previously launched one of the first SaaS cloud products at SoftZoo.com, grew global telecom revenue at IDT, and advised Fortune 500 companies on mobile commerce and payments with The Luciano Group. He is the author of several books, including Digital Habits and The SmartPhone Wallet, which became an Amazon #1 bestseller in its category. David holds a Master of Business Administration from the University of Miami and a Bachelor of Arts from Boston College.
