
Two-factor authentication via SMS


You may have already noticed: Since March 2023, Twitter has offered its two-factor authentication only to users who pay a fee. This announcement naturally caused a stir and was not necessarily well received. However, SMS is not necessarily secure.

The problems with two-factor authentication via SMS

Two-factor authentication, or 2FA for short, is used to protect accounts. Instead of relying on just the user name and password as access data, 2FA brings another component into play. This is intended to prevent accounts from being hacked by unauthorized persons. As a rule, this works because the second factor is tied to something personal that hackers cannot simply copy. In the case of two-factor authentication via SMS, this personal object is the user’s cell phone. Hackers therefore need not only a name and password to gain access, but also the cell phone so that they can receive the text message. Right?

Unfortunately, hackers are intelligent people who are always finding ways to circumvent or bypass security systems. This also applies to two-factor authentication via SMS. Cell phones and smartphones are a popular target for hackers. After all, they usually contain a lot of personal data such as phone numbers and email addresses of friends, family and acquaintances. A paradise for hackers, so to speak. If a cell phone is infected with malware, hackers can not only read the data on the cell phone. In the worst case, they can also read all messages and text messages that arrive on it, including the text messages sent as part of 2FA.

The SS7 protocol

The reason why the risk is so high is the so-called SS7 protocol, short for “Signaling System 7”. This protocol was developed in 1975 to connect all telephone networks worldwide. The problem: In 1975, the Internet did not yet exist and cell phones as we know them were still a long way off. The SS7 protocol is therefore outdated in some ways, but is still in use. There have been updates and improvements, but the SS7 protocol does not provide for authentication. This means that hackers can gain access relatively easily and then, for example, listen in on conversations or read text messages. The text message with the authentication code is then easily visible and the security is gone.

Unfortunately, the SS7 protocol itself cannot be influenced, and nothing can be done about its vulnerabilities. However, you can at least make your own cell phone as secure as possible against hackers. This reduces the likelihood of an attack.

Measures for secure SMS

Of course, it is very important that you protect your cell phone or smartphone from direct access by others by using a screen lock. This can be a password, but a fingerprint or eye scan is even better: something that nobody can steal. You should also turn off notifications on the lock screen. What’s the point of using a screen lock if everyone can still read everything as soon as it pops up?

It is also important to protect the SIM card with a PIN. If the cell phone is lost or falls into the wrong hands, the SIM card can be used for all kinds of mischief that you would rather avoid. Speaking of SIM cards: skilled hackers are able to take over your phone number with a separate SIM card of their own. Messages and calls are then no longer sent to your SIM card, but to the hacker’s SIM card. If your SIM card no longer seems to work for any reason, it is best to have it blocked by your provider. Better safe than sorry.

Something that is often forgotten, but should actually go without saying: Install anti-virus software on your cell phone. What is standard for most people on their home computer is often neglected on their cell phone. This opens the door to hackers.

Conclusion

2FA with SMS is not the most secure method. There are certain vulnerabilities that unfortunately cannot be influenced. However, you can take measures to make your own cell phone more secure against unauthorized access. By the way, there is a very simple solution to the problem with Twitter: an alternative two-factor authentication such as the Authenticator from Reiner SCT. This can be used to protect any account, including Twitter accounts, and at no additional cost.