Why You Should Stop Using SMS Security Codes—Even On Apple iMessage

Why You Should Stop Using SMS Security Codes—Even On Apple iMessage

Posted October 11, 2020

Why You Should Stop Using SMS Security Codes—Even On Apple iMessage

  • Facebook, PayPal, Microsoft, Twitter, Sony, Uber, Dropbox, Amazon… the list goes on. It’s strikingly ironic—these companies are rightly pushing us to better secure our apps and services with two-factor authentication (2FA), verification codes when we log in or make payments.
  • But the default 2FA option is usually SMS—one-time codes texted to our phones, and SMS has infamously poor security, leaving it open to attack.
  • These messages are in plain text form—they’re not encrypted between sender and receiver, so if an attacker can access the message, they can read the content.

– Zak Doffman | October 11, 2020