The Post-SS7 Future of 2FA

A few months ago, German newspaper The Süddeutsche Zeitung reported that attackers had used vulnerabilities in the SS7 network to intercept two-factor authentication (2FA) codes and break into a bank. SMS plays the important role of being the easiest form of 2FA to set up, which is why it is also the most widely adopted. This talk explores what the SS7 exploit means for SMS-based 2FA, why SMS is still an important tool, and the ways to improve an SMS integration to make it work best for 2FA.