SMS vs MFA is the biggest security debate today, but the answer is clear. I remember when I was studying for my CISSP (Certified Information Systems Security Professional) exam, the very first chapter talked about an idea that has stuck with me for years: When you add more security, you reduce functionality.
On the flip side, if you reduce security, you increase functionality (ease of use).
Over the years, my experience has proven this true. My users used to hate it when I introduced strict tools like CyberArk into the environment. But today, I want to talk about the one trade-off you must make: switching from SMS (Text Messages) to an Authenticator App (MFA).
The Problem with SMS (Text Messages)
Put simply, SMS is a protocol used to allow communication between two mobile devices. It is easy and efficient, but here is the kicker—it is not secure.
This is the classic example of “less security, more functionality.” Because SMS is so easy, hackers can exploit it using something called a SIM Swap.
What is a SIM Swap?
A SIM card is that cute little chip inside your phone that connects you to your carrier. Hackers can use phishing (or social engineering at the phone store) to trick your carrier into moving your phone number to their phone. Once they do that, they intercept all your texts—including your bank login codes.
Why Authenticator Apps (MFA) Are Better
MFA stands for Multi-Factor Authentication. You might be familiar with apps like Google Authenticator, Microsoft Authenticator, or Keeper (which I reviewed in my last post).

These applications use a Time-Based One-Time Password (TOTP). Basically, the app shows a rotating code that changes every 60 seconds. When you want to log in, you open the app on your phone and type the code before the timer runs out.
Why is this safer?
- No Interception: The code is generated locally on your phone. It doesn’t travel through the air like a text message, so hackers can’t intercept it.
- Device Bound: Even if a hacker steals your phone number, they don’t have your physical phone with the app installed.
Is it more of a headache than just waiting for a text? Yes. But what is your data worth to you? We increase security with just a slight hit in convenience.
Conclusion
Integrating MFA is the key to keeping your digital kingdom safe.
Think about your email account. From there, you can reset passwords, verify identities, and access almost every other account you own. If a hacker gets into your email via a SIM swap, they own everything.
That is why the “Holy Trinity” of personal security is:
- Strong Passwords (Keeper)
- Strong Authentication (Google Authenticator)
- Hardware Keys (YubiKey – Coming Soon)
Stop using SMS. Download Google Authenticator today and switch your email over. It takes 5 minutes, but it could save you a lifetime of headaches.