Two-factor authentication? The risks of texting and how to solve the problem

To date, one of the most used methods to protect our money and sensitive data is certainly thetwo-factor authentication: it is a sort of additional online security “lock” to be added to the …

Refurbished Technology: What You Need to Know for a Safe Purchase


To date, one of the most used methods to protect our money and sensitive data is certainly thetwo-factor authentication: it is a sort of additional online security “lock” to be added to the classic username and password, which generally comes in the form of a code sent to the interested party via e-mail or through a simple text message. Only after entering this additional information can you access your account, authorize a payment or log in to a social network or portal to which you are registered.

Well just sending via sms of this key would be at risk of external infiltration, due to the fact that text messages, traveling through non-encrypted systems, can be intercepted without excessive difficulty. So much so that an expert is able to read their contents even without having the possibility of physically accessing the cell phone, and this is not just a potential danger, given that such cases have been widely documented.

The dangers of personal data breaches are numerous: even the installation of apps containing trojans or spyware they can allow hackers to intercept our text messages, therefore also those containing two-factor authentication codes. Not to mention the SIM swap method, which involves moving our phone number to a new card. Once in possession of our personal details and tax code, the scammers contact the telephone operator asking to make the transfer to another simand the game is over in a short time: on the one hand we will not be able to use our number from the card on our mobile phone, on the other hand cybercriminals will be free to access our text messages and take possession of sensitive information.

If these fears were not enough to discourage users, there is another element to take into account: text messages travel on the same channels as calls, so if you are in an area where the signal is absent it would be impossible to receive the message with the authentication code, even if an internet connection was available.

Considering this, it is worth underlining the fact that today it is highly inadvisable to do without two-factor authentication, the only one capable of giving us greater protection online, so one wonders if there is a way to protect ourselves, also considering the risks highlighted above. There are apps that can help in this regard, such as Microsoft Authenticator or Google Authenticator: both free, they generate unique codes which remain valid only for a few minutes and, more importantly, are generated directly on our electronic device without the need for the information to travel dangerously in the ether

By doing this you cut the risk of interception, and since they work “offline” it isn’t even necessary mobile connection to get the codes.

Once configured, usually by scanning a QR code, applications generate a unique code each time they are opened. There are other even more sophisticated and secure programs, such as facial scan authentication or fingerprint authentication, so valid alternatives to SMS exist and just need to be sought.