cancel
Showing results for 
Search instead for 
Did you mean: 

SMS for MFA ?

ncarmichael
Rising Star II

I have had a user ask, why should I have to use a MFA app for Jumpcloud, why can't they do it by text/sms message like Microsoft or Google?

What is the official answer?

 

 

1 ACCEPTED SOLUTION

kramachandran
JumpCloud Alumni
JumpCloud Alumni

Traditional MFA factors like SMS or Voice call OTP is not secure and prone to different kind of attacks like Phishing, SIM swap, Man in the middle, brute force etc. JumpCloud has made a conscious decision not to support SMS or Voice call for OTP considering the security risks. It is not mandatory to use Protect, users can use authenticator app of their choice like Google for TOTP. Programmable token or Security keys can also be used.

View solution in original post

1 REPLY 1

kramachandran
JumpCloud Alumni
JumpCloud Alumni

Traditional MFA factors like SMS or Voice call OTP is not secure and prone to different kind of attacks like Phishing, SIM swap, Man in the middle, brute force etc. JumpCloud has made a conscious decision not to support SMS or Voice call for OTP considering the security risks. It is not mandatory to use Protect, users can use authenticator app of their choice like Google for TOTP. Programmable token or Security keys can also be used.