Our smartphones hold almost every important detail of our lives. They store our memories, essential documents, private chats, and, of course, financial apps. While Google has made progress in improving Android security with features like anti-theft protection and a better Find My system, your phone is never completely secure. That is why strong device security is a must.

Many modern services are switching to passkeys for better protection and identification. However, most sensitive apps, especially financial ones, still rely on the traditional method of using a password along with two-factor authentication. In most cases, this involves receiving SMS codes for verification. But SMS codes are not as secure as they seem. I have stopped using them entirely, and you should consider doing the same. Here is why.

SMS-based 2FA isn’t as safe as it sounds

Phone numbers are too easy to hijack


While SMS-based two-factor authentication (2FA) may seem convenient and secure because the code is sent directly to your phone in real time, it has several vulnerabilities. One of the main reasons SMS-based 2FA is risky is SIM swapping.

SIM swapping is a type of attack where a hacker tricks your mobile carrier into transferring your phone number to a SIM card they control. Once they have access to your number, they can intercept your text messages, including 2FA codes, and gain unauthorized access to your accounts. Cases of SIM swapping have been rising steadily, making it one of the prime reasons to avoid SMS-based 2FA.

There are other risks as well. If your device is connected to an unsecured public Wi-Fi network, hackers could exploit vulnerabilities or spyware to access your messages.

But perhaps the biggest problem is that SMS is tied to your phone. If you lose cellular service, you will not receive your OTPs. Worse yet, if your phone gets stolen, the thief could access your SMS messages and use them to enter sensitive accounts like banking apps.

There are plenty of reasons why SMS-based 2FA is no longer a wise choice. Thankfully, there are much more secure alternatives available today.

Authenticator apps are way more secure

They’re faster, safer, and more private


Instead of relying on SMS codes for two-factor authentication (2FA), you should consider switching to authenticator apps. There are several trustworthy options available from well-known companies, such as Google Authenticator and Microsoft Authenticator. These apps perform the same basic functions as SMS-based 2FA but offer significantly improved security.

Unlike SMS 2FA codes, which are sent by your telecom operator, authenticator apps generate codes locally on your device. This makes them more private and secure. Additionally, these apps can generate the code offline, meaning you don’t need an active internet or cellular connection to authenticate. This reduces your dependence on network availability.

Not all banks and financial institutions in the US support third-party 2FA apps. However, some that do include services like Juno, Robinhood, and credit unions such as UNFCU and Jovia. If you don’t see the option to use an authenticator app, it’s worth reaching out to your bank or service provider for more information.

Some 2FA apps, like Authy, also offer cloud backup features. Authy lets you sync your authentication codes securely to the cloud, so even if you lose your phone or switch to a new one, you can easily restore your 2FA codes on your new Android smartphone without hassle.

The best part is that authenticator apps are just as easy to use as SMS-based verification but provide a much higher level of security. The codes refresh every 30 seconds, making them difficult for attackers to exploit. Most apps, including Google Authenticator and Microsoft Authenticator, are free to use and not tied to your phone number, which eliminates risks like SIM swapping that are common with SMS-based verification.

Setting up 2FA apps on your Android device is simple and straightforward. Just follow these steps on your phone to get started with authenticator apps like Google Authenticator and Authy.

Consider using 2FA apps for stronger protection

While SMS-based 2FA codes are convenient, they aren’t very secure. If you want to better protect your bank accounts, financial services, and sensitive apps, it’s a good idea to switch to one of the best 2FA apps available. These apps are just as easy to use as SMS-based verification but offer far stronger protection.

In addition to using a 2FA app, there are several other settings that you can change to protect your Android device from malware and spyware.