Two-Factor SMS not ideal for passwords


Wired:

The last few months have demonstrated that SMS text messages are often the weakest link in two-step logins: Attacks on political activists in Iran, Russia, and even here in the US have shown that determined hackers can sometimes hijack the SMS messages meant to keep you safe. Whenever possible, it's worth taking a minute to switch to a better system, like an authentication smartphone app or a physical token that generates one-time codes.

Using SMS is certainly better than nothing. It's just not as secure as it could be; in the worst case it serves as little more than a speed bump.

Apple's iCloud two-factor seems to be an ideal way of dealing with authentication, but that's limited to securing your Apple ID. You need to have possession of and access to a relatively secure device. Google Authenticator and Authy are two other options that work through dedicated apps. My preference is using time-based one-time passwords via my password manager, 1Password. Once set up, I can use 1Password for generating the secondary code, and not need to deal with a second app or token.