It might be time to switch from SMS 2FA codes to an authentication app


I think we have all encountered two-factor authentication (2FA) from time to time. This could have been when setting up an email or any other account online. 2FA is also a measure that gives us a second layer of protection when we are logging in to Gmail or even ZOOM. After entering a password, users get a prompt to check their phone for an SMS code to proceed. I usually went the SMS route to get the 2FA codes in order to log into my accounts. But there is a risk associated with using SMS for two-factor authentication.

The risk of SMS two-factor authentication

For a good long while I thought that SMS 2FA was bulletproof but there was a danger I had overlooked. Your mobile network operator is the intermediary between you and the one-time password that will allow you to proceed. That presents a real problem because services require you to have one number linked to your account.

Hackers, or anyone with the wherewithal, could clone or move your phone number to another device. A study published in January this year revealed that some US carriers were vulnerable to SIM swap attacks. If someone is able to do this, then they could gain access to a number of accounts that are linked to that number. A way to avoid a situation like this is by using an authentication app.


What is an authentication app?

Authentication apps generate one-time passwords for two-factor authentication. The one-time passwords are created by an algorithm and they are time-sensitive. This means that the password the application gives you will only work for a short time until another is generated. We briefly touched on authentication apps when ZOOM rolled out an update that allowed users to include 2FA when logging in. Since that time I have tried out a number of authentication applications:

I can’t really nail down why, but I preferred Google Authenticator, though the others are really good too. It’s really simple to add an authentication app as your 2FA option. We can take Gmail as an example using Google Authenticator:


  • Download Google Authenticator (iOS / Android)
  • Enable two-factor authentication (if you haven’t already) by going to
  • Click Security on the left side of the screen
  • Scroll down to the Signing into Google section
  • Look for the option to turn on 2-step verification (if it isn’t already on select the option to turn it on)
  • If you haven’t already enabled 2FA then you’ll get prompts to enter your Gmail account password. You’ll need to enter your phone number and then choose SMS.
  • You’ll get an SMS code that will allow you to complete 2FA setup
  • On that same page, you will see options for how you want to receive your codes. Click the option that reads “Choose other option”
  • Select the Google Authenticator
  • You will then be prompted to select the type of mobile operating system. Choose the device that you have installed the Google Authenticator on.
  • You’ll then be presented with a QR code to scan.
  • Open the Google Authenticator app on your device. Click the plus icon in the bottom right corner and scan the QR code.
  • You’ll then be prompted to enter the code that comes up in the Google Authenticator.
  • Enter the code and click done.

You’ll still get codes using Google Authenticator if you don’t have an internet connection on your mobile phone.

When you log into your Gmail you’ll have to enter your password as usual but you’ll also have to enter the code generated by Google Authenticator.

Comments 2

As I like to say: Replacing 2 with M doesn’t necessarily cut it. And that includes those passwordless solutions that leverage basic biometrics (Touch ID, Face ID) that can be easily spoofed. I believe that without an indisputable ID-proofing and authentication process that involves the use of advanced biometrics (liveness test) and the user data being stored encrypted in the Blockchain, we’ll actually continue to be able to buy ($1 for all the info inherent to a bank account) user data on the Dark Web…


Cara handal
4 months ago

authentication process that involves the use of advanced
