
How secure is your phone's 2FA?

2nd October, 2023


So, you’ve become a cybersecurity pro, huh?

You’ve got a steel-trap memory for passwords, never fall for phishing scams, and even have two-factor authentication set up on all your important accounts.

But before you start feeling like the Chuck Norris of online security, let’s remember that even SIM-based 2FA isn’t foolproof.

Hackers are sneaky little devils, so it’s always good to stay vigilant and keep up with the latest security measures. After all, you never know when they’ll come up with a new trick to try and catch you off guard…

Research suggests that a surprising number of people have engaged in unauthorised password guessing, with one out of every three people confessing to such attempts.

However, this task is often far from challenging, considering that “123456” continues to be the most frequently used password and, according to Cybernews, is in the top 10 most common passwords listed in 2023.

The Significance of Two-Factor Authentication (2FA)

So, let’s suppose you’ve taken on board a wealth of information – implemented a strong password, stayed on top of software updates for all your devices, and become adept at recognising phishing attempts without inadvertently clicking on them.

You might even have strengthened your social media and other critical accounts with SMS-based two-factor authentication. However, before you become overly confident, it’s important to recognise that there are still vulnerabilities that can allow hackers to bypass SIM-based 2FA.

It’s common knowledge that many individuals reuse the same password across multiple accounts. When a breach occurs on one of these accounts, hackers can effortlessly gain access to everything from your Amazon to your PayPal account.

We can all agree that traditional usernames and passwords are no longer sufficient to safeguard the ever-expanding assortment of online services we utilise.

The encouraging news, however, is that Two-Factor Authentication (2FA) provides a much-needed additional layer of security. Users who activate 2FA effectively block 99.9% of automated attacks.

The problem with SIM-based 2FA

As attack methods become more sophisticated, hackers have discovered multiple ways to bypass 2FA sent as an SMS message. There are many easy ways to trick users into unwittingly downloading malware onto their device, or to perform socially engineered SIM swap fraud.

Some hackers use inexpensive mirroring apps to monitor SMS activity and grab SMS authentication codes without users knowing.

Moreover, if you synchronise SMS messages across additional devices like tablets and laptops, it heightens your vulnerability in case one of these devices falls into the hands of a hacker who can effortlessly gain access to your authentication codes. Hackers may also make deliberate efforts to trigger login requests on widely used services and redirect the 2FA verification codes to their own smartphones instead.

In the main, users communicate via encrypted messaging apps such as WhatsApp and iMessage. But SMS does not offer these same protections, and phone numbers were never designed with security in mind or as a method of authenticating our identity.

What should you use to replace SMS for 2FA?

Having any type of two-factor authentication (2FA) in place is better than having none at all. It truly is the most straightforward means to safeguard your accounts and reinforce your cybersecurity.

Given the rising number of security breaches and the warning alerts regarding SMS-based 2FA, when feasible, it is advisable to start unlinking your mobile numbers from online accounts.

Additionally, it is wise to abstain from relying on SMS or phone calls for acquiring one-time codes. An excellent approach to enhance your cybersecurity practices involves substituting SMS 2FA with dedicated 2FA apps like Microsoft Authenticator or Google Authenticator.

If you’re seeking assistance in navigating this cybersecurity landscape, consider reaching out to Riven.

We prioritise understanding, planning, and adapting to any changes that may impact your environment.

Feel free to contact us at 01784 437 123 or via email at enqs@rivenassociates.co.uk.

Additionally, you can sign up for our monthly newsletter to stay updated on the latest cybersecurity insights and strategies.
