For years, Multi-Factor Authentication (MFA) has been the cornerstone of digital security. However, as cybercriminals evolve, older methods are failing. Specifically, the common practice of sending six-digit codes via SMS is now considered a significant risk. For organisations handling sensitive data, SMS-based MFA is no longer sufficient.
While better than a password alone, SMS was never designed for secure authentication. It is vulnerable to several sophisticated attack vectors:
To stay secure, businesses must adopt authentication that removes the human element from the process.
Physical devices (such as YubiKeys) are the most robust defence. They perform a cryptographic "handshake" with the service. Because there are no codes to type and the key must be physically present, remote attackers are completely blocked.
Passkeys use public-key cryptography to link a specific device to a domain. They are "phishing-resistant" because the device will only release the credential if the domain requesting it matches the domain the passkey was registered for, so a look-alike site receives nothing it can reuse. They often use biometrics (fingerprint or Face ID) for ease of use.
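The server-side half of that domain check, as an added example (not code from this article or from any vendor): the relying party confirms that the WebAuthn `clientDataJSON` and `authenticatorData` it received are bound to its own origin and RP ID. The host name `login.example.com`, the function names and the sample messages are assumptions constructed for illustration; signature verification is a separate step not shown.

```python
import base64, hashlib, hmac, json

RP_ID = "login.example.com"                    # assumed relying-party ID (constructed)
EXPECTED_ORIGIN = "https://login.example.com"  # assumed origin (constructed)

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_errors(client_data_json: bytes, authenticator_data: bytes,
                   expected_challenge: bytes) -> list[str]:
    """Return every binding failure found; an empty list means all checks passed.
    Signature verification with the stored public key is a separate step, not shown."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON is not an object"]
    errors = []
    if client.get("type") != "webauthn.get":
        errors.append("wrong ceremony type")
    sent = str(client.get("challenge", "")).encode("utf-8", "replace")
    if not hmac.compare_digest(sent, b64url(expected_challenge).encode()):
        errors.append("challenge mismatch")
    # The browser writes the origin and the signature covers it, so a
    # look-alike site cannot present the real one.
    if client.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        return errors + ["authenticatorData too short"]
    rp_id_hash, flags = authenticator_data[:32], authenticator_data[32]
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        errors.append("rpIdHash mismatch")
    if not flags & 0x01:
        errors.append("user presence flag not set")
    if not flags & 0x04:
        errors.append("user verification flag not set")
    return errors

def build_sample(origin: str, rp_id: str, challenge: bytes) -> tuple[bytes, bytes]:
    """Constructed sample messages, not captured from a real authenticator."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + (1).to_bytes(4, "big")
    return client, auth
```

An assertion produced on a look-alike domain fails both the origin and the RP ID hash comparison even when the challenge was relayed correctly, which is the property an SMS code lacks.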
If hardware keys aren't feasible, apps like Microsoft or Google Authenticator are a significant step up from SMS. To prevent "MFA Fatigue"—where users blindly tap "approve" on repeated push notifications—modern apps now require "number matching", where the user must type a code displayed on the login screen into the app.
Transitioning away from SMS requires a shift in company culture. Users appreciate the familiarity of text messages, so it is vital to explain the risks of SIM swapping and the value of the data being protected.
Relying on legacy MFA provides a false sense of security. Upgrading to modern identity solutions offers one of the highest returns on investment in cybersecurity, as the cost of hardware keys is negligible compared to the fallout of a data breach. Is your business ready to move beyond passwords and text codes? We specialise in deploying modern identity solutions that safeguard your data without frustrating your team. Contact us today to secure your authentication strategy.

























