Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Please Stop Using Text Messaging to Receive Login Codes

Life Hacker – “This week, a stunning story from revealed how easy it is for an attacker to siphon away your text messages. They don’t need access to your phone; they don’t even need your SIM card. They just need to pay a trivial sum, convince a VoIP wholesaler that they’re a reseller (also a trivial matter), and sign a form swearing that they’re allowed to route messages to your number to another. …We’ve said it before, and we’ll keep saying it until all sites and services finally listen: It’s not secure enough to simply use a text message, or two-step authentication, to protect one’s account from unauthorized access. Whenever possible, you should be using a dedicated two-factor authentication app that requires physical access of your hardware—typically your phone—to finish the login process for an account. Text messages are not as secure as you might think. While you might never be the victim of a text-hijacking yourself, this week’s news shows it’s far from an impossibility…”

Sorry, comments are closed for this post.