Text-based codes are better than nothing, observers say.
But users should replace phone-based authentication with apps and security keys.
Plan your move to passwordless strong auth nowthe authenticator app provides an immediate and evolving option."
Photographer, Basak Gurbuz Derman / Getty Images
These codes are often sent by phone.
“Telephones are also subject to SIM swapping attacks, which can easily bypass MFA via text message.”
Software can also be a problem.
honestmike / Getty Images
Dont Give Up Your Phone Yet
However, text-based MFA is better than nothing, experts say.
“It should be enabled whenever possible.
For a moreMission Impossible-style approach, the new standardFIDO2 with Webauthnuses biometric authentication, Freeman says.
When successful, it then authenticates the web session,” he said.
Hackers could be lurking on the web just waiting to intercept your password.
