Secure your small business:
Apps → Data →

Overview: SMS Authentication

Quick Definition

SMS Authentication is a kind of identity proof often used for two-factor authentication (2FA) or multi-factor authentication (MFA). In SMS authentication, the user provides a code that has been sent to their phone via SMS as proof of their identity.

In theory, SMS authentication provides a second identity factor. While usernames and passwords represent something that only the right user knows, an SMS code delivered to a particular mobile device is evidence of the possession of something (a particular mobile phone) that only the right user should have.

In practice, however, SMS authentication is a poor avenue for this identity factor because the world's SMS systems themselves are tremendously insecure, having been designed and deployed decades ago when cybersecurity was in its infancy and often not considered at all.

SMS infrastructure is often authentication-free, and transmits, stores, and receives data in plain text, making it susceptible to interception and eavesdropping. SMS also relies on phone numbers that are themselves generally unsecured and easy to steal, spoof, or port.

For these reasons, most experts do not recommend heavy reliance on SMS codes as an authentication factor, though the ubiquity of mobile phones and users' familiarity with them has led many organizations to deploy SMS authentication anyway as the path of least resistance to 2FA or MFA compliance.

Need SMS Authentication solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.


Thanks for reaching out! A Plurilock representative will contact you shortly.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.