Why SMS for 2FA is a BIG mistake!
My clients hate 2FA (two factor authentication). They hate it even more when I say, "You should use an authenticator app, doing 2FA with SMS (short message service, a.k.a text messages) is not secure."
"I don't wanna download load another app on my phone."
"It is a pain to setup."
"Text messages work and are easy."
I respond, "OK. Got it."
Here is why:
Here are 3 reasonable thing you can do:
- Don't get crazy paranoid. If you are reading this blog article you are probably not the daughter of a Middle Eastern Emir or someone will zillions of dollars. You probably do not have enemies who can afford to fund or enough money to justify a sophisticated attack like the one detailed in the video.
- Use an authenticator application (good) or a hardware token (best) for 2FA. Only use SMS/text messages if you have to.
- Use applications with end to end encryption like Signal and WhatsApp for text communications.
Here is 1 less reasonable thing you can do:
- Get a burner phone or a burner SIM card.
Here is 1 totally unreasonable thing you can do:
- Convert all your assets to gold. Eliminate all electronic devices from your life. Move to the woods. Live in a hole.