Top 5 reasons not to use SMS for multi-factor authentication
Your email has been sent
Multi-factor authentication (MFA), or as we used to call it two-factor authentication, is essential–it means you don’t rely on your password alone for security. That password is something you know, but with MFA you also rely on other factors, like something you are (your face, fingerprint, etc.), or something you have, like a security key.
SMS is the most frequently used additional factor because almost everybody has it, and it’s a little easier to manage for developers–but it’s also the least secure. While it is better than nothing, it’s much more secure to use an authenticator app or a physical security key. Here are five reasons not to use SMS for MFA.
SEE: Secure your data with two-factor authentication (free PDF) (TechRepublic)
All that said, if SMS is your only option, use it! Having SMS on as multi-factor authentication is still better than having no other factors and just relying on a password. If you have the option, you might want to go with an authentication app or, even better, a security key like a YubiKey.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Top 5 reasons not to use SMS for multi-factor authentication
Your email has been sent
Get the web’s best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let’s start with the basics.
*
– indicates required fields
Lost your password? Request a new password
Please enter your email adress. You will receive an email message with instructions on how to reset your password.
Check your email for a password reset link. If you didn’t receive an email don’t forgot to check your spam folder, otherwise contact support.
This will help us provide you with customized content.
Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add [email protected] to your contacts list.