FBI and CISA urged against SMS-based MFA due to interception risks, especially after cyberattacks like Salt Typhoon. Security experts have long advised moving to stronger alternatives. SMS can be compromised through SIM swapping, smishing, and MitM attacks. Despite its vulnerabilities, it's still widely used. Companies need layered approaches to replace SMS with secure options like FIDO, non-SMS authenticator codes, and password managers. Strong authentication should be enforced across all organizational levels, as weaker accounts are often less secured.
