CertiK says SMS is the 'most vulnerable' form of 2FA in use.
The level of security provided by SMS pales in comparison to authenticators or physical security keys, CertiK's Jesse Leclere says in an interview.
Using SMS as a form of two-factor authentication has always been popular among crypto enthusiasts.
After all, many users are already trading their cryptos or managing social pages on their phones, so why not simply use SMS to verify when accessing sensitive financial content?
Unfortunately, con artists have lately caught on to exploiting the wealth buried under this layer of security via SIM-swapping, or the process of rerouting a person's SIM card to a phone that is in possession of a hacker.
In many jurisdictions worldwide, telecom employees won't ask for government ID, facial identification, or social security numbers to handle a simple porting request.
Crypto California Club – Subscribe
