Don't Let Two-Factor Text Authentication Lull You Into A False Sense Of Security
[object Object] Earlier this month, activist DeRay McKesson explained on Twitter that his account had been hacked not because he lacked two-factor authentication—the standard for those who don’t want to get hacked—but because the hackers found a workaround for the text-based system he relied on for security.
According to a new Wired article, this is just one of the ways SMS-based security fails to really protect you—even if you’re not a prime target for faux Trump endorsements.
“SMS is just not the best way to do this,” says security researcher and forensics expert Jonathan Zdziarski. “It’s depending on your mobile phone as a means of authentication [in a way] that can be socially engineered out of your control.”
This sort of IRL subterfuge (duping a service rep [or working in cahoots with a state-owned telecom company, if you’re a government agent looking to snoop]) is only one level of hacking. Relying on text messages for your two-factor authentication (and you are using two-factor authentication, right?) leaves you vulnerable to semi-sophisticated virtual attacks as well.
“SMS has turned that ‘something you have’ into ‘something they sent you,’” says Zdziarski. “If that transaction is happening, it can be intercepted. And that means you’re potentially at some level of risk.”
Dedicated hackers can make use of fake cell towers or systematic weaknesses in the global network that connects phone companies (known as SS7) to digitally nab the code that comprises the second step for supposed secure log-in.
So what’s an appropriately paranoid modern tech-user to do?
Any two-factor verification system that doesn’t rely on SMS messaging is an improvement. Google’s recent update aims to make security more palatable by replacing the six-digit code with a simple “yes” or “no” question—but it’s also much less susceptible to hacks because the code is generated within the phone or app that displays it. Other in-app systems on Facebook and Twitter allow those accounts to be locked behind two-factor authentication without relying on any outside messaging system.
Of course, it’s likely only time until the hackers figure out how to crack these new systems. So you might as well go off the grid now.
The Three Biggest Disappointments of the 2025 NFL Season
NBA Cup Final Picks: Knicks vs Spurs Betting Breakdown
College Basketball Betting Picks: December 15-16 Best Bets
- Dolphins vs Steelers Monday Night Football Week 15 Betting Picks
- Sunday December 14th NBA Betting Picks: Top Picks & Predictions
- Vikings vs Cowboys Sunday Night Football Week 15 Betting Picks
- Top 10 NFL Player Prop Bets for Week 15: Best Picks, Odds & Analysis
- NBA Cup Semifinals Best Bets: Thunder vs. Spurs, Knicks vs. Magic Picks
- UFC Vegas 112 Picks: Best Bets for the Final ESPN-Era Card
- College Basketball Picks for Friday: UConn vs. Texas and Best Bets
