- Facebook, PayPal, Microsoft, Twitter, Sony, Uber, Dropbox, Amazon… the list goes on. It’s strikingly ironic—these companies are rightly pushing us to better secure our apps and services with two-factor authentication (2FA), verification codes when we log in or make payments.
- But the default 2FA option is usually SMS—one-time codes texted to our phones, and SMS has infamously poor security, leaving it open to attack.
- These messages are in plain text form—they’re not encrypted between sender and receiver, so if an attacker can access the message, they can read the content.
– Zak Doffman | October 11, 2020