Text messages may feel convenient, but they are one of the weakest ways to secure accounts with two‑factor authentication.
SMS isn’t the safest form of two‑factor authentication (2FA). Why? Because SMS depends on telecom security, not IT security.
Attackers can often trick a mobile carrier into transferring a phone number to a new SIM card by impersonating the victim. This attack, known as SIM swapping, gives the criminal full control of the victim’s SMS messages.
From there, they can initiate a password reset and capture the texted verification code, bypassing the password entirely.
So, what should you use instead?
An Authenticator App such as Microsoft Authenticator, Google Authenticator, or Authy is a much stronger alternative.
Or, for maximum security, use a hardware security key such as YubiKey.
Both options drastically reduce the risk of interception.
When was the last time you reviewed how your employees receive their authentication codes? It might be time for an audit.
Get in touch with TechMan today and we can help you reduce your online risk.
Need help with your IT? TechMan provides friendly, expert IT support for homes and small businesses across the Kāpiti Coast, Wellington and Levin.
Get in Touch →