A SIM swap attack showed me why SMS 2FA is flawed

Last month, a hacker got my SIM card swapped and got into my bank. The text codes sent to my phone did nothing to stop it. Lots of folks act like this two factor auth is solid, but it's not. We need to use app codes or keys instead. It's frustrating how many places still rely on texts for safety.

3 comments

3 Comments

tessam161mo ago

Wasn't there a big news story last year about a guy who lost like a million bucks in crypto from a SIM swap? It really showed how the phone company is the weak link. A hacker just calls them, acts like they lost their phone, and gets your number moved to their device. After that, every text code goes straight to them. It's wild that so many banks still use this knowing how easy it is to trick the support people.

henryh101mo ago

After that story, I get scared whenever my bank texts a code.

-1

the_noah1mo ago

Totally true what @tessam16 said about the phone company being the weak link. Read a tech article last week that basically said the same thing, that these attacks are way too common now. It's crazy that a support rep can just hand over your number after a few security questions that anyone could find online. The whole system needs a big change because text codes are just not safe anymore. Made me go move everything I could over to an authenticator app instead. Banks really need to stop offering SMS as an option because it tricks people into thinking they're secure.