Blog

Why is SMS OTP not secure?

April 17, 2020 by Author

Table of Contents

1 Why is SMS OTP not secure?
2 How secure is SMS authentication?
3 What is an SMS security code?
4 Which is better OTP or password?

Why is SMS OTP not secure?

SMS OTP verification only relies on a user’s mobile number, so the system is vulnerable to the so-called “SIM Swaps”. To launch such an attack, a hacker obtains personal information from the user through methods such as phishing and social engineering.

How secure is SMS authentication?

So, to answer the question: no, SMS authentication is not entirely secure. In fact, the National Institute of Standards and Technology (NIST) formally advised against the use of SMS authentication in 2016.

Is SMS 2FA secure?

SMS is the most frequently used additional factor because almost everybody has it, and it’s a little easier to manage for developers–but it’s also the least secure. While it is better than nothing, it’s much more secure to use an authenticator app or a physical security key.

Can hackers intercept SMS?

There are several ways a hacker can intercept SMS messages sent to your phone for authentication purposes. First of all, your SMS messages can easily be intercepted by law enforcement, security services or other parties if your phone is bugged. They call you several times and note information about the phone calls.

What is an SMS security code?

SMS Authentication is a kind of identity proof often used for two-factor authentication (2FA) or multi-factor authentication (MFA). In SMS authentication, the user provides a code that has been sent to their phone via SMS as proof of their identity. In theory, SMS authentication provides a second identity factor.

Which is better OTP or password?

An OTP is more secure than a static password, especially a user-created password, which can be weak and/or reused across multiple accounts. OTPs may replace authentication login information or may be used in addition to it to add another layer of security.

Is 2FA email secure?

Email 2FA remains the most unsecure of all the approaches, simply because an email address is not tied to a specific device and it’s possible to compromise a large number of accounts once you have someone’s email password.

Can SMS OTP be intercepted?

OTP via SMS Hijacking SMS-based 2FA method has several serious security drawbacks. SS7 Attacks – OTP codes can be intercepted by criminals, who take advantage of severe security flaws in SS7 message transmission protocol.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.