The double authentication by SMS was the good old days. But like valve and 56K connections, it’s time to turn the page. This method that we thought infallible is actually one of the least effective to protect our data.
The Salt Typhoon affair recently highlighted the weaknesses of this authentication method. Our SMS is actually as secure as a postcard sent by post. Hackers, supposedly supported by the Chinese government, have managed to intercept thousands of authentication codes sent by SMS. We knew more secure.
The most ironic? Even the FBIyet reluctant to strong encryption which complicates their investigations, now recommends abandoning SMS for the benefit of secure applications as a signal.
The SMS problem is enrolled in its DNA: it has never been designed to be secure. Imagine sending your secret codes on a postcard that any ill -intentioned factor could read along the way. This is exactly what is happening with SMS that pass clearly on telecommunications networks.
The CISA (Cybersecurity and Infrastructure Security Agency) is very clear on this subject: it formally advises against the use of SMS for multifactor authentication, especially for people at risk.
What are the alternatives?
The good news is that there are much safer solutions than double authentication by SMS. Authentication applications Like Google Authenticator, Microsoft Authenticator or Authy are the new guards of our online accounts. These apps generate codes directly on your devicewithout going through the telephone network. A kind of digital safe in your pocket.
These applications use sophisticated encryption algorithms. The codes are generated there instantly and change every 30 seconds. It’s fast, safe, efficient.
In the case of online payments, there are Securipass in Europe, a double authentication method directly accessible from your banking application. The configuration takes a few seconds then the verification can take place thanks to a confidential code that you have chosen or by biometric (facial recognition or fingerprint reader).
By thinking about it, how many of your accounts are protected by SMS? Your bank? Your social networks? Your professional messaging? Each of these accounts is potentially vulnerable. So say goodbye to SMS.
- SMS authentication is vulnerable to interceptions, as proved by the Salt Typhoon affair
- Even the FBI now recommends abandoning SMS in favor of safer alternatives
- Go to authentication applications (Google Authenticator, Microsoft Authenticator, Authy) which generate secure codes directly on your device
By: opera
