Many websites and apps give you the option to use SMS codes with which you can log in. But that is not really safe …
Do you use SMS codes to log in? You really don’t have to do that
Your digital safety is becoming increasingly important and malicious people are getting more and more skill in stamping your personal data. To give some counter gas to this, two -step verification (2FA), among other things, has been created.
You have to perform a second step (in addition to your username and password) to gain access to your account. That can be a code (via an app), a special USB stick or an SMS. But if you still use SMS codes to log in, you really have to adjust that once.
This is why SMS codes are unsafe
Two -step verification with SMS works quite handy, because you will immediately receive a code on your phone and you can log in. But SMS is not designed with safety in mind. These are the most important safety risks in SMS codes:
SMS has no security: Hackers can intercept the messages used for logging in via SMS codes with simple tricks such as spoofing and phishing. The messages are not encrypted and are sent as text. This also makes them easy to read.
SIM swapping: Criminals can mislead your telecom provider to transfer your telephone number to their SIM card. For example, they receive your SMS codes on their smartphone and they can log in to your accounts.
What can you use better than SMS codes?
Instead of logging in with SMS codes, there are several alternatives that are safer.
- Authenticator apps Such as Google Authenticator or Microsoft Authenticator. You can find the apps in the App Store. These generate a code locally on your device that changes and has to fill in every 30 seconds when you log in. You do not need an internet or network connection for this;
- Security keys (such as Yubikey) Have the highest form of protection and are practically impossible to hack remotely. The disadvantage is that you have to buy a special device for that;
- Pass key: This is a new, safe way to log in without passwords. Instead of a password you use a digital key that is stored on your device. You then confirm your identity with face recognition (such as Face ID), a fingerprint or a pin code. Companies such as Apple, Google and Microsoft already support passkeys, but not many sites yet.
Do you want more tips? Or be kept informed of all the news about Apple, iPhone and more? Then subscribe to our newsletter and download the app!
Download the iPhoned app
