Why You Need to Stop Using SMS Two-Factor Authentication Now

© Shutterstock/Tada Images

Two-factor authentication via SMS was the good old days. But like flip phones and 56k connections, it's time to move on. This method that we thought was foolproof is actually one of the least effective at protecting our data.

The Salt Typhoon incident recently highlighted the weaknesses of this authentication method. Our SMS messages are actually as secure as a postcard sent by mail. Hackers, supposedly supported by the Chinese government, managed to intercept thousands of authentication codes sent by SMS. We've seen more secure ones.

The most ironic? Even the FBI, which is reluctant to use strong encryption to complicate their investigations, now recommends abandoning SMS in favor of secure apps like Signal.

The problem with SMS is in its DNA: it was never designed to be secure. Imagine sending your secret codes on a postcard that any malicious mailman could read along the way. This is exactly what happens with SMS messages that are transmitted in clear text over telecommunications networks.

The Cybersecurity and Infrastructure Security Agency (CISA) is very clear on this subject: it strongly advises against using SMS for multi-factor authentication, especially for people at risk.

200% Deposit Bonus up to €3,000 180% First Deposit Bonus up to $20,000

What are the alternatives??

The good news is that there are much more secure solutions than two-factor authentication via SMS. Authentication applications such as Google Authenticator, Microsoft Authenticator or Authy are the new guardians of our online accounts. These apps generate codes directly on your device, bypassing the phone network. A sort of digital safe in your pocket.

These applications use sophisticated encryption algorithms. The codes are generated instantly and change every 30 seconds. It's fast, safe, and efficient.

For online payments, there is Securipass in Europe, a double authentication method directly accessible from your banking application. The configuration takes a few seconds and then verification can be done using a confidential code that you have chosen or by biometrics (facial recognition or fingerprint reader).

Come to think of it, how many of your accounts are protected by SMS ? Your bank ? Your social networks ? Your professional email ? Each of these accounts is potentially vulnerable. So say goodbye to SMS.

• SMS authentication is vulnerable to interception, as the Salt Typhoon case proved
• Even the FBI now recommends ditching SMS in favor of more secure alternatives
• Switch to authentication apps (Google Authenticator, Microsoft Authenticator, Authy) that generate secure codes directly on your device

📍 To never miss any news from Lemon Squeezer, follow us on Google News and WhatsApp.