What's stronger: phone/text 2FA or authenticator app?



  • I noticed some very advanced sites don't offer 2 factor authentication via phone/text. Example Salesforce's Heroku:

    enter image description here

    Is phone/text based 2 Factor Authentication generally weaker than using an authenticator app? I'm trying to work out why a major site would not offer 2 Factor Authentication via phone/text, but offer other methods (authenticator app) instead?



  • As of now, it is way safer to enable MFA with an authenticator app compared to SMS, mainly because this specific network technology (SS7) is vulnerable for interception, but also to SIM swapping attacks.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2