Why SMS is not 2FA
We are evangelists for the benefits of 2 factor authentication, but a data breach at Reddit has demonstrated why mobile text messages are a lousy way to implement it. The news aggregation and discussion platform said it learned last month that attackers had broken into its systems and stolen data including source code, messages and obfuscated passwords. "We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept," Reddit explained. In fact, we might all have hoped that a company with a web presence like Reddit's would have known this already. Along with using a password manager, setting up 2 factor authentication is the simplest way to improve security. Most services offer alternatives to text messages as the way to generate a code that is needed to complete the login process. Where they haven't, we suggest telling them to get their act together, or moving elsewhere.