Two-Factor Authentication helps secure your account, however, there are still some considerations you must take when choosing the method to generate your Two-Factor login code.
Text Message (Less Secure)
Using text messages to retrieve your login code is less secure than using an Authenticator app.
The primary reason why it's less secure is that it's easier for a hacker to gain access to your text messages than it is to gain physical access to your phone. There are methods for hackers to redirect your text messages, or hack into your phone carrier and access the text messages. With an authentication app, the codes are generated and stored temporarily on your phone (or other device) and expire within a certain timeframe.
Note: Using text message Two-Factor is still better than no Two-Factor, however, keep in mind that it's not 100% secure - given the lack of security around text messaging.
Authenticator App (More Secure)
Using an authenticator app to generate your Two-Factor login codes is more secure than text messages. The primary reason is, it's more difficult for a hacker to gain physical access to your phone and generate a code without you knowing about it.
Keep in mind, the phone or device you have the authenticator app installed on should be protected with a secure password.
Additional Notes on Security
There are some additional measures you can take to ensure the security of your GoCo account:
- Never share your login or password with anyone (GoCo will never ask you for your password).
- Make sure your authentication app is installed on a secured device that only you have access to.
- Update your password with a strong password frequently.
- Don't use the same password on GoCo that you use for other services.
- Always be skeptical of emails, phone calls, and text messages that ask you to share your login, password, or your personal information that could be used to access your account.
If you have further questions, please contact us at help@goco.io. 💚
FAQs
You should use an authenticator app over SMS authentication because it is more secure and less likely to be intercepted by cybercriminals. Authenticator apps generate 2FA codes locally on a device, rather than sending them unencrypted over text message.
Is an authenticator app better than SMS? ›
Authenticator apps are not only faster and more reliable than SMS 2FA, they also enforce an additional layer of security, such as a passcode, a password or biometrics (i.e. fingerprint).
Should you use authenticator app? ›
An authenticator app helps you to improve your online security by adding two-factor logins to any accounts you connect to the authenticator. This makes it harder for hackers to access your accounts, so we highly recommend using an authenticator app and two-factor authentication.
Is text message authentication Secure? ›
This is because SMS messages are not encrypted and rely only on the security of phone networks and companies–which are notoriously easy to access. Another way they can get into your messages is by tricking you into installing malware on your device.
Is SMS 2FA better than OTP? ›
SMS authentication is another type of possession authentication, as the user must have access to the correct mobile handset. A one-time password is a common 2FA tool. One time passwords (OTP) are valid for a single login session on a computer or other digital device.
Which authentication method is better? ›
Most Secure: Hardware Keys
External hardware keys, like Yubikeys, are among the strongest authentication factors available. Also called FIDO keys, they generate a cryptographically secure MFA authentication code at the push of a button.
What are the disadvantages of SMS 2FA? ›
While SMS-based MFA is a popular method, it also comes with several risks and limitations. One of the primary dangers of using SMS for MFA is the potential for interception. SMS messages are not encrypted, and attackers can intercept them using various techniques, including phishing, malware, and SIM-swapping attacks.
What is the disadvantage of the authenticator app? ›
Drawbacks of authenticator apps
Device dependency: If a user loses their device, or it malfunctions, they lose access to their authenticator app. They may need to go through a lengthy account recovery process as some auth apps do not offer backup codes.
Is an authenticator app secure? ›
A more secure and convenient method is authenticator apps.
The codes are generated within the app on the device itself and are not transmitted over the network, making them a safer choice for 2FA.
Is it safe to use Google Authenticator? ›
Google, Microsoft Authenticator, and other Authentication apps are the next level of protection. They provide the additional layer of security. It means that knowing only the password is not enough now. Even if a thief gets your password he won't get an access to your protected account.
SMS authentication is vulnerable to several types of attacks, such as phishing, SIM-swapping, and interception. For example, a hacker could send a phishing message to the victim's phone, tricking them into giving away their login credentials or MFA code.
What is text message authentication? ›
SMS Authentication is a kind of identity proof often used for two-factor authentication (2FA) or multi-factor authentication (MFA). In SMS authentication, the user provides a code that has been sent to their phone via SMS as proof of their identity.
Why is SMS not safe? ›
Like e-mail, SMS is not end-to-end encrypted; the message may remain stored on a server for some time, allowing bad actors to read it at a later date. There are a number of attack scenarios that can allow a malicious party to obtain SMSes that are intended for someone else.
What is the safest 2 step verification? ›
Authenticator apps like Google Authenticator are generally considered more secure than SMS codes, as SMS can be vulnerable to SIM swapping attacks. However, both methods offer an additional layer of security compared to passwords alone.
Which is the strongest 2FA method? ›
Hardware security keys like YubiKey provide the most secure form of two-factor authentication. Unlike SMS or authenticator apps which can be phished, hardware keys offer phishing resistant authentication by requiring physical possession of the key.
Can 2FA SMS be intercepted? ›
But this method of mobile authentication isn't actually as secure as you may think. Not only can an SMS message be spoofed and actually originate from a malicious actor, but they can also be intercepted by man-in-the-middle attackers with increasing ease in order to perform account takeover (ATO) attacks.
How to use authenticator app instead of SMS? ›
How do I switch my office account to use Microsoft Authenticator instead of text message
- Click your photo or initials. Select the view account link.
- Click the view account link. Select update info on the security info tile.
- Select Update Info. ...
- Click add sign-in method. ...
- Choose Authenticator app.
SMS Two Factor Authentication (Dual Factor Authentication) is a security verification procedure, which is triggered through a user logging into a website, software or application . In the log-in process, the user is automatically sent an SMS to their mobile number containing a unique numeric code.
What is SMS authentication? ›
SMS Authentication is a kind of identity proof often used for two-factor authentication (2FA) or multi-factor authentication (MFA). In SMS authentication, the user provides a code that has been sent to their phone via SMS as proof of their identity. In theory, SMS authentication provides a second identity factor.
What is better than two-step verification? ›
MFA is more secure than 2FA. But many companies still use 2FA for two reasons. One, it's cheaper and easier to setup. Most software suites support 2FA, but not all of them support MFA.
