1. SMS and voice calls are not encrypted. Instead, they’re transmitted in clear text, making them easier to intercept. Determined attackers have access to a wealth of tools, from software-defined radios to femtocells to SS7 intercept services.
2. SMS codes are vulnerable to phishing. A tool called Modlishka uses actual content from the site it’s mimicking to get you to enter your info and dumps you out on that site at the end so you don’t even realize you were there. CredSniper and Evilginx are similar phishing tools. A YubiKey or similar isn’t vulnerable to this attack.
3. Phone company employees can be fooled. Attackers can trick an employee into transferring a phone number to the attacker’s SIM card, meaning the security codes get sent to them instead of you.
4. Outages. Authentication apps and security keys work offline. SMS needs the phone service to be available to work, and sometimes the phone system can go down when the internet does not.
5. SMS isn’t likely to get more secure. As multi-factor authentication becomes more common, more attackers will target it. Attackers usually target the weakest link in security, and with MFA, SMS is the weakest link.
Source:
https://www.google.com/amp/s/www.te...-use-sms-for-multi-factor-authentication/amp/
https://gsdsolutions.io/why-are-authenticator-apps-better-than-sms-for-2fa/
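
Why point 2 holds for security keys, shown as an added example that is not part of the original post: a WebAuthn assertion carries the origin the browser was on and a hash of the relying-party ID, and the server rejects it when those do not match, while an SMS code has no such binding. `RP_ID`, `EXPECTED_ORIGIN`, the lookalike host and all sample values are assumptions constructed for illustration, and signature verification is left out to keep the focus on the origin checks.

```python
import base64, hashlib, hmac, json

RP_ID = "example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://example.com"  # assumed legitimate origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Server-side origin checks on a WebAuthn login; returns "ok" or the rejection reason."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return "malformed clientDataJSON"
    if not isinstance(cd, dict) or cd.get("type") != "webauthn.get":
        return "wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:   # written by the browser, not by the page
        return "origin mismatch"
    # authenticatorData = rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user presence flag not set"
    return "ok"

def check_sms_code(submitted: str, expected: str) -> bool:
    # The code is the whole credential: nothing records which site it was typed into.
    return hmac.compare_digest(submitted, expected)

def browser_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what browser and authenticator emit on a page at `origin`."""
    cd = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                     "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + bytes(4)
    return cd, auth_data

def demo():
    challenge = bytes(range(32))  # constructed; a real server uses a fresh random value
    good = check_assertion(*browser_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge)
    lookalike = browser_assertion("https://example-login.test", "example-login.test", challenge)
    relayed = check_assertion(*lookalike, challenge)
    sms = check_sms_code("492817", "492817")  # passes regardless of where it was collected
    return good, relayed, sms

if __name__ == "__main__":
    print(demo())
```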