The Post-SS7 Future of Two-Factor Auth
A few weeks ago, German newspaper The Süddeutsche Zeitung reported that attackers had used vulnerabilities in the SS7 network to intercept two-factor authentication (2FA) codes and break into a bank. Since the report, there has been a fresh wave of news about the problems of using SMS for security, and calling for the end of SMS-based 2FA. But while the security problems are both very real and important, SMS-based 2FA isn’t going anywhere soon. And that’s a good thing.