2016-08-15#

Pros and cons of Authenticator App Code]#

Pros#

SIM swapping won’t hijack your MFA codes if you’re using an Authenticator App. The codes depend on the app itself, not on your SIM card. Authenticator apps work even when you don’t have mobile coverage. Cons
  • Authenticator Apps depend on a shared secret that both the app and the server need to store. This “seed” is combined with the time to generate the MFA code. If an Attacker can crack the app or the server and recover the secret, they can clone your MFA codes indefinitely. SMS codes are just random values sent by the server, so there is no “seed” by which a crook could predict the next one in sequence.

When you access online services from your Mobile Device, you’ll usually be running the Authenticator App on the same device. This means the crooks have a common point of compromise for both factors of your MFA. A second, lightweight “feature phone” used for SMS codes makes it easier to keep the Authentication Factors apart.

More Information#

There might be more information for this subject on one of the following: ...nobody

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-1) was last changed on 15-Aug-2016 17:54 by jim