Short Message Service (SMS) is a text messaging service component of phone, Web, or mobile communication systems. Short Message Service uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages

Short Message Service Multi-Factor Authentication#

Short Message Service is often used as an Authentication Factor in Multi-Factor Authentication

The pros and cons of SMS-based codes#

  • Pros
    • SMS codes are convenient. There’s no fussing with downloading an app and going through set up for each account. It may be the only option if you don’t have a smartphone.
    • SMS authentication can be a canary in the coal mine. If someone’s trying to break in to your account, the 2FA messages on your phone are warning that it’s time to investigate (and to change your password).
  • Cons
    • A crook can hijack your SMSes with a SIM swap scam. If they can convince a mobile phone shop that they are you, they can get them to issue a replacement SIM encoded with your phone number. Your phone will go dead and theirs will start receiving your calls and messages, including 2FA codes.
    • NIST has declared that the age of SMS-based 2FA is deprecated.

Vulnerability #

SIM Swap Scam is a type of fraud that involves a criminal registering an existing number of a cellular company’s client on a new SIM card, that allows you to make and receive calls, SMSes, etc.). They usually do this in order to intercept notifications and One-Time password, that are sent to the Mobile Device

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 15-Aug-2016 17:34 by jim