2FA/MFA: Risks & Usability

Why SMS-based MFA is Still A Good Option for Most People

A lot of attention has been focused on the problems with receiving MFA* codes via text messages (SMS). In short, these codes can be intercepted, enabling hackers to get into your account. Because of this, many in the security industry are recommending that people stop receiving these codes via SMS and use authenticator apps or physical keys (e.g., YubiKey).

Remember, this is from the perspective of a typical (non-technical) person.
YubiKey — FIPS, a Yubico product
Google Authenticator App (Android)
  1. Getting an MFA code usually requires a targeted attack (as opposed to mass-guessing passwords).
  2. If you’re at risk of being targeted (e.g., journalist or public figure), SMS-based MFA is not a good option for you.

InfoSec & Privacy @RainFocusEvents. Esposo and dad to my favorite people😍 Provide security regulatory compliance & risk assessment consulting. Views are my own
