Don't Let Two-Factor Text Authentication Lull You Into A False Sense Of Security
[object Object] Earlier this month, activist DeRay McKesson explained on Twitter that his account had been hacked not because he lacked two-factor authentication—the standard for those who don’t want to get hacked—but because the hackers found a workaround for the text-based system he relied on for security.
According to a new Wired article, this is just one of the ways SMS-based security fails to really protect you—even if you’re not a prime target for faux Trump endorsements.
“SMS is just not the best way to do this,” says security researcher and forensics expert Jonathan Zdziarski. “It’s depending on your mobile phone as a means of authentication [in a way] that can be socially engineered out of your control.”
This sort of IRL subterfuge (duping a service rep [or working in cahoots with a state-owned telecom company, if you’re a government agent looking to snoop]) is only one level of hacking. Relying on text messages for your two-factor authentication (and you are using two-factor authentication, right?) leaves you vulnerable to semi-sophisticated virtual attacks as well.
“SMS has turned that ‘something you have’ into ‘something they sent you,’” says Zdziarski. “If that transaction is happening, it can be intercepted. And that means you’re potentially at some level of risk.”
Dedicated hackers can make use of fake cell towers or systematic weaknesses in the global network that connects phone companies (known as SS7) to digitally nab the code that comprises the second step for supposed secure log-in.
So what’s an appropriately paranoid modern tech-user to do?
Any two-factor verification system that doesn’t rely on SMS messaging is an improvement. Google’s recent update aims to make security more palatable by replacing the six-digit code with a simple “yes” or “no” question—but it’s also much less susceptible to hacks because the code is generated within the phone or app that displays it. Other in-app systems on Facebook and Twitter allow those accounts to be locked behind two-factor authentication without relying on any outside messaging system.
Of course, it’s likely only time until the hackers figure out how to crack these new systems. So you might as well go off the grid now.
- MLB Picks Today: Jack Flaherty, Aaron Nola Strikeout Props for Phillies vs. Tigers
- France vs. Morocco Best Bets: Top Picks for World Cup Quarterfinal Clash
- Big 12 Sleeper Picks: Three Teams That Could Win the Conference in 2026
- Scottish Open Predictions: Top Bets, Longshots and First-Round Picks
- MLB Picks for Today: Why the Marlins and Yankees Offer Betting Value
- WNBA Best Bets Today: Wings vs. Liberty, Sky vs. Mercury Picks for Tuesday
- MLB Best Bets for Monday: Giants Value and Rangers-Angels Under

