SMS as a second factor of authentication is not as safe as once imagined – but there are secure alternatives such as FIDO that can deliver a solution that satisfies service providers, and end consumers, whilst also maintaining regulatory compliance.

We are all familiar with SMS confirmations as part of a mobile or web sign‐on process, and many people might consider it a fairly convenient and safe way to authenticate identities. But is it really as safe as it should be? Reports over the last couple of years suggest not. A high‐profile attack on US Black Lives Matter activist and politician DeRay Mckesson in 2016 illustrated the vulnerabilities of SMS authentication. Mckesson’s twitter account suddenly started endorsing Donald Trump, something completely out of character for the activist. His account had been hacked. It wasn’t, however, a password breach; it was a twofactor authentication issue, where SMS was being used as the second authentication channel.

Download the trend report now and sign up for marketing updates.