It's always a good idea to protect your accounts with some 2-factor authentication (2FA), but not all methods are made equal. While SMS and phone call 2FA has been around for a long time, Microsoft says it's about time we hung it up and move on to better technologies.

What Did Microsoft Say About SMS 2FA?

Alex Weinert, the Director of Identity Security at Microsoft, wrote a post on the Tech Community website. He discusses the current state of multi-factor authentication methods and why text and voice 2FA isn't as strong as it once was.

First, phone-based 2FA can't adapt to attacks as well as other technologies. If a hacker finds a way to exploit SMS or phone calls, you can't really adjust how these technologies work to stop intruders.

On top of this, phone calls and SMS messages aren't encrypted; you need a special app to do that for you. If hackers manage to tap into your calls or messages, they can get all the information they need with minimal effort.

Getting a phone call or text message also largely depends on how good your mobile network is. If you're in an area with spotty service, it may not be easy actually to receive the code.

Even worse, SMS messages are "fire and forget," meaning the sender doesn't have any way to see if its messages arrive on the client's phone. It just sends the text message and hopes the client got it okay.

To top things off, phone-based 2FA uses a customer support system to back it up. The people working at customer support can be tricked or coerced by hackers to access phone 2FA, thus granting them access.

Alex Weinert states that he doesn't want to come off as if he dislikes 2FA. He thinks it's an essential part of anyone's online security. It's just that 2FA that relies on phone services are flawed, and stronger alternatives should be used.

Are Phone-Based 2FA Methods Really Outdated?

Alex does make a fantastic point with his post. When 2FA began making waves on the internet, phone certification was one of the easiest and quickest ways someone could secure their account.

These days, however, SMS and phone call 2FA have a lot of competition that do the job better. For one, email 2FA is simple and effective, as you can secure an email account with a strong password and use an encrypted email service to protect your messages.

Not only that, but some apps and services generate 2FA codes for you. There's no need to have one sent over to you; open the app, see what the current code is, and you're good to go. These apps can be further secured using biometrics or passcodes.

In essence, Weinert does hit the nail on the head. While 2FA is important, SMS and phone calls are weaker and less-convenient methods to secure your account.

Making 2FA Even Stronger

While 2FA is important, Microsoft believes that there are better ways to protect your account than using SMS and phone calls. As 2FA technology continues to develop,  receiving a code via text may become a long-lost past-time.

Of course, Microsoft wasn't the first to have this idea. There are plenty of reasons to stop using SMS 2FA and adopt technologies such as U2F keys.

Image Credit: vladwel / Shutterstock.com