Can SMS-based two-factor authentication be hacked?
Mehran Muslimi
"高级人工智能与金融科技顾问 | 天使投资人 | 专注于加密货币、区块链、物联网、虚拟现实、网络安全和人工智能创新。MBA。招聘客户经理/销售代表/商户拓展专员。"
Vulnerabilities of SMS-Based Two-Factor Authentication and the Superiority of Face-Based Biometrics
The security of SMS-based two-factor authentication (2FA) has become a matter of concern, as it is susceptible to unauthorized access and exploitation. It is crucial to acknowledge that the response to the question posed is affirmative – SMS-based 2FA can indeed be compromised.
Organizations employing SMS-based 2FA to safeguard their users' online accounts should be cognizant of the fact that malicious actors have devised various techniques to intercept the 6-digit One-Time Password (OTP). Recent exploits, including but not limited to zero-click attacks and "man-in-the-middle" attacks, demand no active engagement from the user. These methods have evolved to be highly sophisticated, effective, and pose a significant threat to security.
Fortunately, there exists a more robust alternative for ensuring the reliable authentication of users: face-based biometrics. By capturing a user's facial map during the creation of their online account, it is plausible to employ this biometric data – the user's face – to authenticate high-risk transactions, such as wire transfers and password resets.
In light of the foregoing, we propose that organizations consider the adoption of face-based biometric authentication as a more secure and reliable means of protecting their users and their sensitive transactions.