…or listen on any of these podcatchers!
EFFECTED USERS: Everyone (with an online password = everyone) ESPECIALLY Android Users
Hair of fire 4 of 5
SUMMARY: You worry about your passwords getting hacked or stolen. So, you turn on “Two Factor Authentication” also known as ‘2FA,’ ‘One-Time Passcodes’ or ‘SMS Security Codes’ and other names. Once you turn on Two Factor Authentication, you breathe a sigh of relief – you’re safe!
In a recent Forbes article, author Zak Doffman writes:
- 2fa = Two factor authentication, or the code that is sent to your phone via text
- SMS =Short Message Service, or text messages
The greatest benefit with SMS is also its greatest weakness. The reason (2FA has become a) default is that we all have access to a cell phone and an SMS messenger. There’s no need to run a separate authenticator app to produce one-time codes, there’s no need to carry around digital keys, it works across all apps and platforms and doesn’t rely on any specific ecosystem.
But, behind the façade, the SMS system over which those codes are being sent is wide open. An archaic network that runs across mobile networks worldwide, where there’s no end-to-end encryption, where you have no way to know over which networks your message travels in open-text form between sender and recipient. Last year, the FBI warned that 2FA had inherent weaknesses, advising us to opt for biometrics…
Why You Should Stop Using SMS Security Codes—Even On Apple iMessage, October 11, 2020, Forbes
Here with me to talk about this today is: Derly Gutierrez, known more commonly as ‘DerlyG.’
What is the problem with Two Factor Authentication through a text message?
One thought on “#37 – Text-Message Security Codes No Longer “Good Enough””
Comments are closed.