Government agencies, including the FBI and CISA, have warned against using SMS for two-factor authentication (2FA) following a significant telecom breach dubbed Salt Typhoon. The breach, suspected to involve Chinese hackers, exposed non-encrypted SMS messages on networks like AT&T and Verizon.

CISA emphasized that SMS is not phishing-resistant and vulnerable to interception by malicious actors. Users are urged to switch to secure alternatives like encrypted messaging platforms (Signal, WhatsApp), authentication apps, or FIDO authentication and passkeys for stronger security.

CISA also advised using password managers, setting PINs, and keeping devices updated. The breach is considered extensive and ongoing, highlighting the need for more secure authentication practices.

‍