SMS 2FA Security Tips

SMS Messaging seems to be the most common form of two-factor authentication (2FA).

2FA is a two step verification method of authentication when logging into an application or web site. It requires two different forms of identification to verify your identity. Your username and password count as the first factor of authentication. The second factor is some other form of identification. This can include things like a security token or a biometric identifier like a fingerprint or facial recognition.

Many web sites employ SMS as the 2nd authentication factor. They use this because it is something that you have in your possession (a cell phone) and it is only accepted for a limited amount of time (e.g. 10 minutes).

Tip 1: Whenever a site offers some form of 2FA, sign up for it. It may not be perfect but it does add more security.

Tip 2: When a company sends you an SMS message, it can come from a regular cell phone number or a shorter 6 digit code. Save the number in your contacts with a name such as "Security My Bank". Once saved, when codes arrive, it adds a level of confidence when you see the number coming from the same source number each time.

Tip 3: Check out the 2FA Directory web site to see whether your favorite sites offer some kind of 2FA.

Tip 4: Prefer software authentication over SMS. Google Authenticator, Authy, and Microsoft Authenticator are good choices for software authentication. (The Google and Microsoft links above are to the Google Play store).

This topic is worth digging into. No one is going to look out for your online security as much as you.