Why is 2FA via SMS not considered secure? What does an attack look like or require?

309 views

I’ve been reviewing some of my security choices after the latest LastPass breaches. I see some password managers discouraging SMS-based 2FA in favor of Authenticator-based 2FA. I’m curious to understand how SMS 2FA gets compromised: what does attackers need to do? How easy is it to compromise?

In: 9

6 Answers

Anonymous 0 Comments

Social attack vector. “Yes hello servicedesk? I am John Smith and my phone died. I could not be without so I bought a new one, but can’t log in with it.”

Given the pressure on most service desks, verification of these things tends to be minimal.

Technical attack vector would be the cloning of a SIM.

You are viewing 1 out of 6 answers, click here to view all answers.