My wife gets annoyed at two-factor authentication (2FA). You know, that extra step of typing in a code after you type in your password? It’s a smart security feature and you should use it. Even if it’s annoying.
That said, you should avoid using SMS (text messages) for this if at all possible. Why? Because it’s easy for someone who’s savvy enough to hijack a phone number and receive its text messages through a system other than your phone.
I’ve seen this happen non-nefariously. We use Dialpad for our phone service at The Universal Design Project. We have a secondary number that I recently set up to use for mass texting through Textiful.
It was eye-opening. I signed an agreement to allow Textiful to use this number and that was all that was necessary. They did some sort of sorcery on their end that redirected all texts to go through their system. I didn’t release the number or port it out of Dialpad. I didn’t change any settings. In fact, if you call the number, it still rings through Dialpad. But if you text it, the texts go through Textiful.
Lesson learned: phone numbers aren’t secure.
The most popular ways of enabling 2FA are SMS and time-based one-time passwords (TOTP) generated through apps like Authy or Microsoft Authenticator. I highly recommend using one of these apps (we use Authy). They all work the same way and are far more secure than SMS.
There are other 2FA methods too, like biometrics or hardware keys (our Google Workspace account is secured with a Titan Security Key), though these aren’t as commonly used across web services as SMS or TOTP.