It’s precisely why so many different actors including the aforementioned NIST have called SMS OTP for 2FA an outdated mobile authentication solution.
Mobile networks carry within SS7 technical flaws that can be used to intercept or reroute an SMS message that contains your one-time password. SS7 technical flaw security risksįor as long as I’ve worked in this industry, the SS7 vulnerability was a source of concern, and that hasn’t changed since 1975 when it was originally introduced. Let me list out some of the biggest issues of SMS OTP for 2FA. Why it is time to ditch SMS OTA as 2FAĪs I’ve stated above, SMS OTP as 2FA comes with multiple shortfalls for all parties involved. Let’s first talk about why this is the time to ditch SMS OTP for 2FA before discussing better alternatives for secure and seamless mobile authentication. It should be, but only if it’s in favor of better mobile security solutions. So, is this the year of ditching SMS OTP as 2FA? You have to type in your phone number, request an SMS, wait for it to arrive before you finally put the code in – and that’s if the code ever arrives. In addition to the security risks, the user experience of SMS OTP 2FA itself isn’t up to par with today’s standards either.
0 kommentar(er)
