Which method uses SMS codes for two-factor authentication but is vulnerable to interception?


Multiple Choice

Which method uses SMS codes for two-factor authentication but is vulnerable to interception?

Explanation:
Text Message Authentication uses one-time codes sent to a user’s phone over the SMS network as the second factor. This approach adds a layer of security, but the channel it relies on is inherently vulnerable because messages travel through telecom networks, where they can be intercepted or redirected. Attackers can use a SIM swap to take over a phone number, abuse SS7 weaknesses to divert or intercept messages, or compromise a device to read incoming texts. Because the code travels outside the user’s direct control, an attacker who already knows the password can capture it and use it to gain access. By contrast, a hardware USB key is a physical token that isn’t sent over the phone network, and biometrics verify identity locally on the device, without exposing codes over a network. This makes text-based codes one of the more vulnerable 2FA options among the given choices.

