top of page

The Best Way To Do 2FA


One of the vital “extra layers of security” that I talk about in my Cybersecurity Basics training sessions and workshops is two-factor authentication (also known as 2FA , MFA or multi-factor authentication).


The article linked below correctly points out that using your mobile number to receive access codes via SMS is the weakest form of 2FA. Mobile numbers are vulnerable to SIM swapping and other attacks.


The article mentions apps like Google Authenticator or Microsoft Authenticator as more secure alternatives. In addition, for the highest level of 2FA security, you might want to consider purchasing a physical security key.


Another option not mentioned in the article is using a VoIP number like those you can get through services like Google Voice. VoIP numbers aren’t vulnerable to SIM swapping. Google Voice is only available in the United States so not everyone can get a Google Voice number.


Also keep in mind that some services and companies won’t accept a VoIP number for authentication. VoIP numbers are classified as land lines which can’t normally send or receive SMS messages. I’ve run into this issue, but many of the services and sites I use do accept my Google Voice number for authentication.


No matter how you set it up (even if your only option is using your mobile number and SMS) you should enable 2FA for all accounts that offer it.



4 views

Recent Posts

See All

Comments


bottom of page