Is SMS Two-Factor Authentication Secure?

From itsecurityguru.org

Phone and computer

With 2FA and MFA being adopted across the board, cybercriminals have devised a way to circumvent this security measure with a simple technique. By leveraging the easy security questions that mobile providers ask users when they wish to swap operator but maintain their phone number, threat actors are able to impersonate unsuspecting victims by effectively stealing their mobile number.

One study conducted by researchers at Princeton found that North American prepaid telecom companies, in most cases, would allow customers – or anyone pretending to be a customer – to port their number over with just one correct security answer.

Read more…