Limits of using SMS for 2-factor Authentication

Email-related messages: Mail service provider announcements, general help, other
Post Reply
User avatar
Posts: 853
Joined: Tue Aug 30, 2011 5:45 pm

Limits of using SMS for 2-factor Authentication

Post by spc3rd »

This post contains some important information for those who use 2-factor authentication via SMS for your email accounts. *The article below is credited to Brian Krebs at the Krebs on Security website. This excerpt is only the first part of Brian's article. If you would like to read it in its entirety, a link to the full article is provided at the end.


"September 7, 2016
The Limits of SMS for 2-Factor Authentication

A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code.

Mark Cobb, a computer technician in Reno, Nev., said had his daughter fallen for the ruse, her Gmail account would indeed have been completely compromised, and she really would have been locked out of her account because the crooks would have changed her password straight away.

Cobb’s daughter received the scam text message because she’d enabled 2-factor authentication on her Gmail account, selecting the option to have Google request that she enter a 6-digit code texted to her cell phone each time it detects a login from an unknown computer or location (in practice, the code is to be entered on the Gmail site, not sent in any kind of texted or emailed reply)...."

===========END OF ARTICLE EXCERPT========

Link to read the entire article: ... ntication/

Best regards,
Global Moderator
Post Reply