A new security study warns that SMS-based authentication links pose major risks to user accounts. These URLs, designed as password alternatives, often use predictable login tokens with limited character combinations, making them vulnerable to guessing or brute-force attacks.
Compounding the issue, SMS messages lack encryption, exposing links in transit.
Key findings:
- Over 700 endpoints linked to 177 services identified.
- Nearly 323,000 unique URLs collected from 33+ million messages sent to 30,000+ phone numbers.
Switch to app-based authenticators or hardware keys for better protection.
