Feds Warn SMS Authentication Is Unsafe After 'Worst Hack in Our Nation's History' [View all]

Note: I don't know how to categorize the authentication methods I use. Do I use an app? I don't know. I login, they text a code. I think that's the risk they're talking about.
_______________

Feds Warn SMS Authentication Is Unsafe After ‘Worst Hack in Our Nation’s History’

https://gizmodo.com/feds-warn-sms-authentication-is-unsafe-after-worst-hack-in-our-nations-history-2000541129

Do you use text messages for multi-factor authentication? You should probably switch to a different method, especially with everything we’re learning about a recent hack that’s been dubbed the “worst in our nation’s history.” Even the federal government is putting out warnings now, including a call for government officials to only use encrypted apps for communication.

Hackers aligned with the Chinese government have infiltrated U.S. telecommunications infrastructure so deeply that it allowed the interception of unencrypted communications on a number of people, according to reports that first emerged in October. The operation, dubbed Salt Typhoon, apparently allowed hackers to listen to phone calls and nab text messages, and the penetration has been so extensive they haven’t even been booted from the telecom networks yet.

The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week on best practices for protecting “highly targeted individuals,” which includes a new warning about text messages.

“Do not use SMS as a second factor for authentication. SMS messages are not encrypted—a threat actor with access to a telecommunication provider’s network who intercepts these messages can read them. SMS MFA is not phishing-resistant and is therefore not strong authentication for accounts of highly targeted individuals,” the guidance, which has been posted online, reads.

_______ More More MORE at the link