What is 2FA?
2FA stands for two-factor authentication and acts as a second layer of account protection. While there are a variety of 2FA methods, hardware tokens and authenticator applications like Authy rank among the most secure.
What is a SIM swap attack?
A SIM swap scam is a form of account takeover fraud where a scammer gains access to a mobile phone account and proceeds activate a SIM card on an existing phone number. It targets weaknesses in two-factor authentication and two-step verification in which the second step is a text message (SMS), as it allows the scammer to receive any messages or calls directed to the number.
What is the difference between SMS and Authy 2FA?
The SMS method sends authenticator codes via text message. While SMS provides more security than a password alone, it can leave your account vulnerable to SIM swap attacks.
Authy Push Authentication generates an RSA key pair on your mobile device, and then sends the public key to Authy’s servers. When you Approve or Deny an authentication request on your phone, Authy can cryptographically verify that the response came from you and that it wasn’t modified in transit.
This is superior to the more common TOTP/HOTP 2FA method that requires you to enter a code generated by an authenticator application. TOTP/HOTP, while more secure than SMS, is still vulnerable to Man-In-The-Middle attacks. Push Authentication largely eliminates this vulnerability using public key cryptography.