If you have to use SMS for 2FA, best to use Google Voice?

Would using Google Voice to receive 2FA more secure than using SMS on your phone, especially if you have your Google account secured by 2FA??

1 Like

I use GV for my SMS, but that’s mainly because I use it as my main number. I only use my “real” number in situations where the GV number doesn’t work.

2 Likes

From a security perspective I don’t think there’s much of a difference. Most of the SMS exploits I’ve read regarding 2FA breaches have targeted the underlying protocol used by telephone providers (signaling system 7), which GV still must use to interface with telcos.

However, I’d consider targeting SMS-2FA to be an active attack - meaning someone must be actively targeting you specifically. It’s not too high on my concern list personally.

My qualms with SMS based 2FA have centered around the privacy aspect, like when Twitter admitted they had sold the numbers they’d collected for SMS-2FA to advertisers. At this point I believe any org that solely offers SMS-2FA is either technically incompetent, or making money off those numbers somehow.

2 Likes