Over the last few days, a number of stories have come out suggesting that text or SMS-based two factor authentication (2FA) is a bad idea. The articles are based on NIST’s updated guidance around authentication, where they warn that SMS-based out-of-band authenticators suffer security risks. Watch today’s video to learn about these risks, but also to hear why I think you should still take advantage of SMS-based 2FA if no other options are available.
Episode Runtime: 6:47
Direct YouTube Link: https://www.youtube.com/watch?v=qFNU1gjr8IQ
EPISODE REFERENCES:
- Is using SMS 2FA is a bad idea? – Slate
- NIST’s Digital Authentication Guidelines draft – NIST.gov
- A great blog post on the security of SMS 2FA – Authy
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply