Don’t Risk It! 5 Reasons Why You Shouldn’t Use SMS for Multi-Factor Authentication
Multi-factor authentication (MFA) is the method of confirming your identity by utilizing two or more of the three authentication factors – something you know, something you have, and something you are. When it comes to the something you know factor, most people think of passwords or PINs, but that’s not always the case. You might use your birthday, your mother’s maiden name, or even a random string of numbers or letters as part of the password to make it more secure.
Phones can be lost
The first and most obvious risk of using text messages as a means of authentication is that the phone can be lost or stolen. If someone has physical access to your device, it’s relatively easy to hijack an SMS message before it gets delivered. Even if you have screen locks enabled on your device, many phones allow anyone with physical access to reset their passwords with a few button presses – this allows them to bypass any passcodes and obtain full control over the device without needing to know the original password.
Phones are easily hacked
In 1938, after six years as a textile designer, Frieda Reynolds enrolled in what would become one of the most celebrated secret schools in history: top-secret Station X at Bletchley Park. In a world before electronic computers, she began training to work with hand and machine codebreakers under British mathematician Alan Turing. This step dramatically changed her life for a remarkable set of reasons.
Phone numbers can change
It was also important for these women to not only be able to work with a diverse range of backgrounds and temperaments, but also with many different nationalities. This meant that if one member was forced to leave on account of their nationality, it wouldn’t be difficult for another to step in and pick up where they left off.