Source: dzone.com
Is There a Benefit to Two-Factor SMS, or Is It a Waste of Time?Category: Security, Data, android, ios, automation
SMS-based two-factor authentication may not give you as much security as you think!
SMS is not always a smart way to protect your data and, in this article, we will cover exactly what makes you vulnerable if you are depending on this type of security.
Some of these allowed you to read your SMS messages via your browser, and were protected by username and password only.
In order for SMS interception to be valuable, an attacker needs to also have your primary credentials: your username, and password.
In addition to looking at cellular carriers, the Princeton team also reverse-engineered the authentication logic of 140 popular websites and found that 17 of them relied on SMS as a single-factor and could be compromised with just a SIM swap even if you didn’t know the password.
SMS is not always a smart way to protect your data and, in this article, we will cover exactly what makes you vulnerable if you are depending on this type of security.
Some of these allowed you to read your SMS messages via your browser, and were protected by username and password only.
In order for SMS interception to be valuable, an attacker needs to also have your primary credentials: your username, and password.
In addition to looking at cellular carriers, the Princeton team also reverse-engineered the authentication logic of 140 popular websites and found that 17 of them relied on SMS as a single-factor and could be compromised with just a SIM swap even if you didn’t know the password.
Related Articles
Community Partners
DevOps Careers