[Reading time: 1 minute]


“OK, OK, I’ve switched on Multi-Factor Authentication. But why should I use one of those annoying authenticator apps? Can’t I just get the security codes sent as SMS text messages to my phone?”

No, you shouldn’t.



Because a criminal can find ways to reroute your text messages and phone calls to their phone.

This means they will receive any security codes that are sent to your phone number.


Don’t believe me?

OK, will you believe Frank?

“Frank on Fraud” recently wrote about a tool that is now available online that could enable the bad guys take control of someone’s mobile phone number. It’s unclear which phone networks are exposed, but apparently it’s all possible because of a fundamental flaw in the underlying technology that many networks still use.



So what should you do?

For your most valuable accounts (e.g. email accounts; online banking; social media accounts), use an authenticator app (e.g. Google Authenticator; Authy) to generate the security codes for you.

Avoid the use of SMS text messages wherever possible.


Because if you receive security codes via SMS and …

A criminal reroutes your phone number to their phone…

Your MFA will be worth Sweet FA.