25
Two factor authentication through text messages - is it really worth it?
I set up text based 2FA on all my accounts about 6 months ago after that big data breach at my credit union. Figured it was better than nothing. But last week I got a new phone and had to update my number with every single site. Took me almost 2 hours. Plus my carrier got hit with a SIM swap attack a few months back and a few people I know lost access to their accounts that way. So now I'm wondering if text messages are actually a weak link in the chain. I've been looking into authenticator apps instead but some of my older sites don't support them. For people who have done this a while - is sticking with texts better than nothing or am I asking for trouble by not switching?
2 comments
Log in to join the discussion
Log In2 Comments
brian_coleman1d ago
Is text-based 2FA really better than nothing when SIM swapping is so common?
10
sethr111d ago
My own dumb moment with this was switching phones and forgetting I had 2FA on my old email account. Locked myself out for a whole weekend. I think texts are still better than nothing for most people, but the SIM swap thing is scary. I switched to an authenticator app about 3 months ago and it's way less of a hassle, especially since my phone number didn't change. Have you checked if your older sites support backup codes or something instead of texts?
4