Jul 27, 2022

SMS 2 Factor authentication

Why is SMS 2 Factor authentication not secure?

Firstly, I would say that there is nothing wrong with 2FA itself; the problem arises when 2FA is delivered over SMS, and this is a typical kind of "mis-configuration".

Second, 2FA via SMS is easy to set up and requires no download of any app or reader, only a mobile phone with a SIM card.

Anyway, NIST (USA) has advised that one-time SMS codes are no longer secure.

SMS Vulnerabilities

  • Intercepting SMS codes
  • Spoof SMS verification
  • Phone account hijacking


Alternative secure authentication options

  1. OTP method - one-time password
  2. FIDO U2F (leading option for 2FA) - similar to a smart card with PKI.
  3. Push Authentication - faster than typing a password
  4. Multi-Factor Authentication (MFA) - best solution

