version 26.6.3 · Self-Help · Printing~3 min read

Authenticator app versus SMS codes, and why SMS is weaker

Both add a second step, but they are not equally strong. Here is why we steer clients toward an authenticator app wherever the option exists.

  1. Understand SMS codes: a one-time code is texted to your number, which is simple but tied to your phone number rather than your phone.
  2. Know the weakness: SMS can be intercepted, redirected through a SIM-swap, or phished on a fake login page in real time.
  3. Understand authenticator apps: the code is generated on the device itself and never travels over the mobile network.
  4. Prefer app-based codes or push approvals when a service offers a choice.
  5. Keep SMS as a backup method rather than your only one, so you are not locked out if you lose the app.
  6. For the highest-value accounts, consider a hardware key, which is stronger again.

Still stuck after those?

You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.

+61 421 346 887
5.0
★★★★★ on Google · loading…
Read all on Google →