In today’s digital world, many of us protect our online accounts using two-step verification. This process, known as multi-factor authentication (MFA), usually requires a password and an extra code, often sent via SMS, to log in. It adds an extra layer of protection, but there’s a growing concern: receiving these codes through text messages might not be as secure as we think.
Why Text Messages Aren’t the Safest Option
When you get a code on your phone, you might assume it’s sent directly by the company you’re logging into—whether it’s your bank, email, or social media. In reality, these codes are often delivered by external service providers hired by big tech firms. Some of these third-party firms have been connected to surveillance operations and data breaches, raising serious concerns about privacy and security.
Worse, these companies operate with little public transparency. Several investigative reports have highlighted how this lack of oversight puts user information at risk. Additionally, government agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have warned people not to rely on SMS for authentication. Text messages are not encrypted, which means hackers who gain access to a telecom network can intercept them easily.
What Should You Do Instead?
Don’t ditch multi-factor authentication altogether.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.