#37 – Text-Message Security Codes No Longer “Good Enough”

…or listen on any of these podcatchers!

itunes google spotify-badge-large-png-1280 player over listen

EFFECTED USERS: Everyone (with an online password = everyone) ESPECIALLY Android Users

Hair of fire 4 of 5

SUMMARY: You worry about your passwords getting hacked or stolen.  So, you turn on “Two Factor Authentication” also known as ‘2FA,’ ‘One-Time Passcodes’ or ‘SMS Security Codes’ and other names.  Once you turn on Two Factor Authentication, you breathe a sigh of relief – you’re safe!

Not really.

In a recent Forbes article, author Zak Doffman writes:

Jargon alert:

  • 2fa = Two factor authentication, or the code that is sent to your phone via text
  • SMS =Short Message Service, or  text messages

The greatest benefit with SMS is also its greatest weakness. The reason (2FA has become a) default is that we all have access to a cell phone and an SMS messenger. There’s no need to run a separate authenticator app to produce one-time codes, there’s no need to carry around digital keys, it works across all apps and platforms and doesn’t rely on any specific ecosystem.

But, behind the façade, the SMS system over which those codes are being sent is wide open. An archaic network that runs across mobile networks worldwide, where there’s no end-to-end encryption, where you have no way to know over which networks your message travels in open-text form between sender and recipient. Last year, the FBI warned that 2FA had inherent weaknesses, advising us to opt for biometrics…

Why You Should Stop Using SMS Security Codes—Even On Apple iMessage, October 11, 2020, Forbes

Here with me to talk about this today is: Derly Gutierrez, known more commonly as ‘DerlyG.’

Derly is an Information Security leader with over 20 years experience. He has four degrees, 12 certifications, he has served the US Air Force, US Army, the NSA, and even a few Fortune 500 companies.


Welcome Derly.

What is the problem with Two Factor Authentication through a text message?



Published by

David W. Schropfer

David W. Schropfer is the CEO of SAFE (Smartphone Authentication For Everyone), a cybersecurity company in New York (www.theSafe.io).  Every day, he and his team of professionals keep the people who use The SAFE Button protected from some of the most common traps, hacks and attacks that target computer systems of all sizes. David is the author of the bestselling cybersecurity book, Digital Habits: 5 Simple Tips to Help Keep You and Your Information Safe Online. His previous books, including The Smartphone Wallet and industry whitepapers, predicted some of the biggest trends in the payments, mobile, and security industries.  Since graduating Boston College, David earned an Executive MBA from the University of Miami.

One thought on “#37 – Text-Message Security Codes No Longer “Good Enough”

Comments are closed.