I’ve been reviewing some of my security choices after the latest LastPass breaches. I see some password managers discouraging SMS-based 2FA in favor of Authenticator-based 2FA. I’m curious to understand how SMS 2FA gets compromised: what does attackers need to do? How easy is it to compromise?
In: 9
Because SMS messages can be intercepted or redirected by attackers. This is known as a “man-in-the-middle” attack. There are more secure methods of 2FA that do not rely on SMS, such as authentication apps that generate one-time codes or hardware tokens that produce unique codes when pressed. These methods are more resistant to man-in-the-middle attacks and provide a higher level of security.
Latest Answers