SMS or Authenticator App? How to Choose the Best Two-Factor Authentication Option

For maximum security, you need to know which option is the best for keeping your account safe and secure.

Two-Factor Authentication (2FA) is an important security measure that’s essential for keeping any account secure. But it’s especially important for you to be informed on the options available to you, and the pros and cons of each, so you can choose what makes the most sense for you. We decided to round up the pros and cons of two popular 2FA methods – SMS and Authenticator App – to help you make your decision.

Pros & cons of using SMS-based 2FA

 

Pros

  • Easy set-up – Activate it right in your account without needing to download another app or take additional steps.
  • Real-time alerts – You’ll know instantly if there’s suspicious activity on your account, so you can take action immediately to protect it.

Cons

  • SIM swaps/duplication – Hackers can call your carrier, report your phone stolen, and request a new SIM be activated on a phone in their possession. Then, all of your calls and texts will go to them instead of you, and they can easily access your account (and any other account, for that matter). 
  • Email – By accessing your email account, hackers can use your email address to request a password change, then change your account settings to replace your info with theirs.
  • Phishing and malware attacks – 2FA codes can be stolen in phishing and malware attacks that give hackers access to your device, where they can access Authenticator and find your codes.

Pros & cons of using Authenticator App

 

Pros

  • No internet connection necessary – It doesn’t need a network connection to work. It does its job, even if your phone is offline.
  • Self-contained – It functions within the app itself, so there’s no way for hackers to hijack 2FA codes and gain access to your account.

Cons

  • See above – Some of the cons mentioned above for SMS-based codes also apply to Authenticator. The difference is in the methods used. There are other ways hackers can remotely access Authenticator on your device, without needing to mess with your SIM card, require you to input the information (as you would in a phishing attack), or be physically present to take the device. There’s also malware that makes it possible to steal codes from Authenticator directly.
  • Can be repetitive – It normally doesn’t sync well if you want to use it across multiple devices; you have to set it up on each device individually. And if you get a new phone, you have to re-sync all of your accounts on that device after setup. However, if you choose to use Authy, you won’t run into this problem. Authy syncs over multiple devices. 

So, what’s the verdict?

Your account is definitely less likely to get hacked with 2FA enabled. As far as where we stand with these two options, we’re going with the Authenticator App, not SMS.

When it comes to security, there needs to be more preventative measures in place to keep your account secure. The Authenticator App provides additional features, such as one-time passwords and time-based passwords, that make it that much harder for hackers to access your account. Keep your account safe and enable 2FA with an Authenticator App today, like Authy.

More Reads + Inspiration

Finally, DIY security for all. Learn how to keep your business safe.