I’ve been reviewing some of my security choices after the latest LastPass breaches. I see some password managers discouraging SMS-based 2FA in favor of Authenticator-based 2FA. I’m curious to understand how SMS 2FA gets compromised: what does attackers need to do? How easy is it to compromise?
In: 9
The most common method is called SIM card hijacking. Someone can call your phone company and tell them you want to move your phone number to another device. All calls and texts will then be forwarded do a new phone. Another method is SIM cloning which requires the actual SIM card; I’m not sure how this is done with new E SIMs now.
Latest Answers