I recently encountered a problem: our company still uses SMS authentication to log in. The managers think it's safe enough, but I read somewhere that this method is easy to intercept, for example, via a SIM jack. And now I'm wondering whether I should suggest switching to another method, or is it not that bad? It seems like our data isn't the most critical, but I'm still worried. Maybe someone knows how safe this method really is?

 

SMS authentication is indeed subject to risks, especially in a corporate environment. Hacking via SIM swap and message interception is not uncommon. Alternative methods, such as TOTP, are much more reliable. If you want to delve deeper into the topic, you can read the totp rfc, it describes the principles of operation in detail. At our work, we decided to abandon SMS and switched to an authenticator app. So far, no complaints, and the employees are also happy.

 

Thank you very much for your advice and help! Indeed, switching to TOTP looks like a more reliable option. I was just thinking that it was time to discuss this with management to eliminate the risks associated with SMS. I will read the totp rfc in more detail to be prepared for questions. Thanks for the recommendation and personal experience!