SOLVED

Which is better authentication method for MFA - App or SMS?

Brass Contributor

Should I use app-based or phone SMS-based MFA for my customers? Recently a few organisations are asking to take out phone-based authentication. Any specific reasons for the same?

1 Reply
best response confirmed by rajeshgarg2006 (Brass Contributor)
Solution

@rajeshgarg2006 

App-based MFA is recommended currently; phone-based MFA is the option if you have nothing, and there are multiple reasons, a few of which are outlined below:

1. SIM cloning is evolving.
2. SMS and voice calls are not encrypted. Instead, they're transmitted in clear text, making them easier to intercept.
3. SMS codes are vulnerable to phishing.
4. Phone company employees can be fooled. Attackers can trick an employee into transferring a phone number to the attacker's SIM card, meaning the security codes get sent to them instead of you.
5. SMS and phone calls can be intercepted by your mobile phone network provider. This is by design, because phone number assignments are controlled by your mobile network provider. What this means is that you're subject to any vulnerabilities in the phone network provider, which you have no control of.
6. Outages. Authentication apps and security keys work offline. SMS needs the phone service to be available to work, and sometimes the phone system can go down when the internet does not.
7. SMS isn't likely to get more secure. As multi-factor authentication becomes more common, more attackers will target it. Attackers usually target the weakest link in security, and with MFA, SMS is the weakest link.
 
