Ditch SMS for True Second Factor Authentication standard
At one point, getting a text message with a code seemed like a great way to provide more identity and authentication assurance. Phone networks are out of band from email, the cost of sending the message is relatively inexpensive, and few people are without a cell phone these days. As it gained popularity, SMS-based authentication got the attention of cyber criminals and they soon exposed a number of high- and low-tech attacks that make SMS authentication unreliable. I’ve been on a kick to turn on any 2nd-factor authentication option possible in every site/service that I use. Lately, however, I’m switching to real 2nd-factor options that include apps, U2F, or other methods. To that end, I recently published an article that ...
Continue Reading