I’ve been reviewing some of my security choices after the latest LastPass breaches. I see some password managers discouraging SMS-based 2FA in favor of Authenticator-based 2FA. I’m curious to understand how SMS 2FA gets compromised: what does attackers need to do? How easy is it to compromise?
In: 9
Someone else can pretty easily get your texts, either by intercepting them over the air or getting the phone company to redirect them. Since nearly any device that can receive text messages can run an authenticator app instead, you should use the app. (SMS 2FA is still better than only having a password, though, so you should still enable it if it’s the only 2FA option.)
Latest Answers