You are a systems administrator comparing multifactor authentication (MFA) methods for employee logins. Which of the following BEST explains why using SMS text messages as the second factor is considered less secure than using an authenticator app or hardware token?
SMS codes work only over Wi-Fi networks, limiting availability to traveling users.
Mobile-carrier fees for each text message raise operational costs.
SMS text messages are protected by strong end-to-end encryption that prevents interception.
Attackers can divert or intercept SMS codes through SIM-swapping or SS7 attacks.
SMS provides a second factor, but it relies on codes delivered to a phone number across the public telephone network instead of a cryptographic secret stored on a trusted device. Attackers can use social-engineering techniques to transfer the victim's number to a new SIM card or exploit weaknesses in carrier signaling (such as SS7), letting them receive the one-time codes and bypass MFA. Authenticator apps and hardware tokens generate the codes locally and are not subject to carrier-network interception, so they offer stronger protection.