PayPal launches latest struggle to get rid of SMS for MFA

Summary

PayPal is emailing customers about phasing out SMS for multi-factor authentication (MFA), but without a firm timeline and while still offering it as an option. Security experts strongly discourage SMS-based MFA due to its vulnerabilities to interception and man-in-the-middle attacks, but businesses fear losing customers who prefer the convenience of SMS.

IFF Assessment

FRIEND

The move away from SMS MFA, even if slow, is a positive step toward stronger authentication.

Defender Context

Defenders should advocate for stronger MFA methods beyond SMS, educating users on the risks and benefits of alternatives like authenticator apps and hardware tokens. The trend is towards deprecating SMS MFA, but adoption requires user buy-in and clear communication about security benefits.
