You are a systems administrator comparing multifactor authentication (MFA) methods for employee logins. Which of the following BEST explains why using SMS text messages as the second factor is considered less secure than using an authenticator app or hardware token?
SMS text messages are protected by strong end-to-end encryption that prevents interception.
Attackers can divert or intercept SMS codes through SIM-swapping or SS7 attacks.
Mobile-carrier fees for each text message raise operational costs.
SMS codes work only over Wi-Fi networks, limiting availability to traveling users.
SMS adds a second factor, but it depends on the phone number rather than on a cryptographic secret stored on a trusted device. Attackers can convince a mobile carrier to move the victim's number to a new SIM card (SIM-swapping) or exploit SS7 carrier-signaling flaws, letting them receive the one-time codes and bypass MFA. Authenticator apps and hardware tokens generate the codes locally and do not rely on carrier networks, making them much harder to intercept.
Sources:
Professor Messer, "Authentication Methods" - SMS can be intercepted or redirected via phone-number reassignment.
Vectra blog, "The Hidden Risks of SMS-Based MFA" - SIM swapping and SS7 interception threaten SMS codes.