If you have to use SMS for 2FA, best to use Google Voice?

Would using Google Voice to receive 2FA be more secure than using SMS on your phone, especially if you have your Google account secured by 2FA?

1 Like

I use GV for my SMS, but that’s mainly because I use it as my main number. I only use my “real” number in situations where the GV number doesn’t work.

2 Likes

From a security perspective I don’t think there’s much of a difference. Most of the SMS exploits I’ve read regarding 2FA breaches have targeted the underlying protocol used by telephone providers (Signaling System 7), which GV still must use to interface with telcos.

However, I’d consider targeting SMS-2FA to be an active attack - meaning someone must be actively targeting you specifically. It’s not too high on my concern list personally.

My qualms with SMS-based 2FA have centered around the privacy aspect, like when Twitter admitted they had sold the numbers they’d collected for SMS-2FA to advertisers. At this point I believe any org that solely offers SMS-2FA is either technically incompetent, or making money off those numbers somehow.

2 Likes

I think the correct answer is “Yes, if”. The security problem of intercepted phone calls and text messages is called SIM-jacking, but if you have your Google Voice set to forward all calls and messages to a cellphone number, then you still have the same problem.

Google Voice is more secure IF you turn off the setting that sends calls and texts to your phone. Instead, turn on notifications on your Google Voice app and use that instead. I have removed my Messages app icon from my dock and replaced it with the Google Voice app. I have a few friends that don’t know any better and still send messages to my AT&T number. I write them back in Google Voice and ask them to update their contact list.
-JP

sim-jacking is certainly one vector, but there are plenty of documented flaws with the telephone network that using gvoice won’t get you around.

as in all things
