SMS Authentication

Why SMS Authentication Isn't Safe Anymore

The most common two-factor authentication method is a password and a time-based one-time password (TOTP), which can be sent to your phone via SMS.  So even if your password is compromised, the cybercriminals will need the second factor, a code sent to your phone, to log into your account.  However, using SMS for two-factor authentication is not considered safe anymore.  Why is it not safe anymore?  What should we use then?