We've written and talked about two-factor authentication (2FA), also known as two-step verification (2SV), before.
Most of us have a good general idea of what 2FA is all about: it means you need to prove yourself in two different ways before you can log in or use a service.
When you withdraw money from an ATM, for example, just inserting your card isn't enough. You need to enter a PIN (personal identification number) as well.
But there are numerous other sorts of 2FA, and many of them don't rely only on a static secret PIN like your bank card. They have a one-time code that changes every time you want to log in.
SMS 2FA: Pros.
+The code is different every time, so if your regular password is breached or stolen, it's not enough for a crook.
+The code is tied to your phone number, which can't be changed by malware on your computer.
SMS 2FA: Cons.
–If your mobile network is down or you are out of the coverage area, you can't receive the code.
–Crooks may be able to port your phone number (also known as a SIM swap) through an accomplice in a mobile phone shop, and receive your calls and messages until you notice your own phone is dead.
–If you are logging in and receiving the SMS on the same device (e.g. a tablet or smartphone), your login codes are as much at risk as your password.
Full Article
