L’two-factor authentication (2FA) protects better than one password and you should use it with every account that allows it – but not using your phone number. In fact, by using the number you risk unnecessarily exposing yourself to a security risk.
Don’t use your phone number for two-factor authentication
You probably already use this system in some accounts. When you try to log in, you need to find the phone, check the code sent and enter it to continue. This process works better than just asking for the password, which it can be easily circumvented – especially if you always use the same ones.
However, the code via SMS is the least secure of two-factor authentication methods. Indeed, hackers can find methods to transfer the phone number to their SIM card (“SIM-Swap” attack). Or pay another company to redirect your text messages to their number.
Relying on the phone number as a username also carries risks. Especially if the number previously belonged to someone else. You risk accessing an old account, something many users complain about with messenger companies complaining about.
The best alternative is an authenticator app. The most used are Google Authenticator o Microsoft Authenticator. Simply link your account to a 2FA code which is generated every 30 seconds. When you need to log in, just enter the code into the app on your smartphone. This eliminates the risk of someone hijacking the process remotely. Apple has a built-in authenticator nand password managers on iPhone and Mac, so you don’t need to download anything.
Alternatively, one security key, which acts as an authenticator app in physical form. Usually just connect the device via wireless communication such as NFC. Unlike apps, it’s not free – but it’s very quick and convenient to use.
With these alternatives, it’s best to avoid using phone numbers. Some accounts enforce it by choice, but increasingly yes prefer to use apps and keys: when you can, prefer them and leave your number for calls and messages.
Leave a Reply
View Comments