Authy was recently contacted by Decryptionary, a cryptocurrency and blockchain dictionary, with concerns about security vulnerabilities of using SMS for two-factor authentication (2FA) and questions about how SMS is used in conjunction with the Authy 2FA apps.

There has been an increase in phone porting attacks (sometimes known as SIM swapping). For those who aren’t familiar, a SIM card is a small, removable chip inside a mobile phone, carrying an identification number unique to the owner, and storing personal data. Phone porting is where cybercriminals trick your phone company into swapping your phone number to a different device and SIM card. Typically, this is done when an attacker already has your username and password and also needs to get the two-factor authentication (2FA) text message as part of an account takeover.

As such, the security industry and various media have been advising that users avoid using SMS for 2FA, and instead use apps on your phone (like our Authy app) which generate the same security code without the need for it to be sent via SMS. The concern that Decryptionary has is if the Authy app uses SMS during the install process, isn’t Authy also vulnerable? This is another excellent question and one that we’ll be clarifying in this blog post.

Any 2FA security is better than none

First things first, SMS is not going away. The reason SMS for 2FA is so wildly popular is that it’s also incredibly easy to use. Since almost every online user has an SMS-capable device these days, and practically the entire world is texting, there is no learning curve per se. And if a device is not SMS-capable, two-factor authentication via a voice call covers almost everyone else.

While it is true that both these uses of the phone network are vulnerable to some form of attack, let’s remember one very important fact: two-factor authentication using SMS or voice is still far more secure than having no 2FA protection at all. But hijacking SMS is not as easy as other forms of attack. From a cybercriminal’s perspective, downloading a massive list of usernames and passwords, and then automating account takeovers, is fairly simple. But convincing multiple wireless providers to make changes to hundreds or thousands of customers’ phone plans takes a lot more effort and is much harder. So yes, using SMS is not without risk, but it’s riskier to use nothing.

Avoid security risks with a mobile 2FA app

If you have a smartphone or other mobile device, you can avoid using SMS and voice calls to get your 2FA code by downloading and installing one of many popular two-factor authentication apps directly to your device. This is a much more secure method for your 2FA login.