How secure are apps compared to SMS? Fact review

For years, 2FA SMS has been labeled an insecure solution – but it’s better than its reputation.

Not a week without cyber attacks. However, apps are the most secure solution for two-factor authentication. Swiss company SMSup http://smsup.de Dare to fact-check and remove common preconceptions about 2FA SMS.

2FA SMS has an undeservedly bad reputation

While two-factor authentication is on the rise, code via SMS is becoming more and more in the background. 2FA SMS scores with undeniable advantages – also in matters of security.

The main arguments against SMS solution are well known: Trojans can intercept messages, someone can look over your shoulder when you receive them and read the code, and criminals can sneak into the SIM card from the provider.

Two of these three points can be easily refuted: 1. Huge effort to get a SIM card for a particular phone number. The attempt – at least in German-speaking countries – is likely doomed due to various security precautions taken by mobile phone providers. 2. If someone else can see the security code you just sent, it won’t help them. Because all these codes are only valid once – and for only a few minutes. A new code will be generated the next time you try to sign in.

This leaves point 3, the trojan on the smartphone – if this happens, 2FA SMS can, of course, be read. But even applications are not safe from Trojans. And they have many other risks that are not discussed.

Advantages of two-factor authentication via SMS

While the application transmits all the data over the Internet, the SMS is sent over the mobile network. These transmissions are of course protected, and unlike online transmissions, they are less likely to be intercepted by cybercriminals. Another advantage: no personal data is sent through SMS, which in the case of the application ends up in the huge databases of data octopus.

Other security risks arise from peripheral devices

Many users use old smartphones for which security updates are no longer available. This leaves the devices vulnerable – and if the Trojan is already installed, it can access all the access data and the 2FA key from the app.

Two-factor authentication is designed to increase security

The truth is that two-factor authentication (2FA) is meant to provide more security when logging in. In order to achieve this, it must be understandable and accessible to everyone. 2FA apps do not offer this feature. Because many people dispense with smartphones, so they cannot install any application. Or they have outdated models whose operating systems are no longer compatible with applications. And still others get overwhelmed when they have to install and run the 2FA app – and therefore don’t set up two-factor authentication.

Last but not least, many older citizens are left behind who only use their cell phones for texting and phone calls. However, these people also use online banking and order online. 2FA SMS also provides this group of people with the opportunity to protect themselves from scammers when logging in.

Why 2FA Apps Are No More Secure Than SMS

Countless servers from well-known companies have been hacked in recent years. And in almost all cases, highly sensitive user data was stolen and exposed on the dark web.

The same risks exist, of course, with databases of 2FA application providers. Because the same encryption methods are used and hackers are getting smarter. Once hackers have access, they can read all the keys – along with various personal data – and gain unrestricted access to various online accounts. Because these keys are of course also stored in the mobile phones of those affected, otherwise the apps will not be able to connect to the servers.

There is also a risk of a man-in-the-middle attack if users use a public hotspot to log into an account. Of course, SMS has a clear advantage here. Since the sent code is valid only once and for a very short period of time, there are no keys stored and the transmission does not take place over the Internet, but over the most secure mobile network.

You can find more information about: https://smsup.de/2fa

Via SMSup

SMSup is a Swiss SMS service provider with a focus on small and medium businesses. Businesses can easily send appointment reminders, notifications, marketing messages and 2FA SMS through our easy-to-use and easy-to-use SMS platform and link their customer account to their Google Calendar or Outlook with a click of the mouse. A comprehensive API is available for businesses and software developers savvy in the IT field.

those: pressetext.com