What are the key drawbacks of SMS-based authentication?

Vincent Delitz

Created: January 31, 2025

Updated: January 31, 2025

Key Drawbacks of SMS-Based Authentication

SMS-based authentication is widely used but comes with significant limitations that impact security, cost, reliability, and user experience.

1. Security Risks

SMS authentication is highly vulnerable to attacks, making it an unreliable security measure:

  • Phishing Attacks: Users can be tricked into entering their SMS OTP on fraudulent websites, allowing attackers to gain unauthorized access.
  • SIM Swapping: Hackers can steal a user’s phone number by fraudulently transferring it to another SIM card, which lets them intercept SMS OTPs.
  • SMS Traffic Pumping Fraud: Attackers inflate SMS traffic to generate revenue at the expense of businesses, costing enterprises millions.
  • Lack of Encryption: SMS messages travel in plaintext, making them susceptible to interception by attackers.

2. High Costs

Using SMS for authentication is expensive, especially for large-scale enterprises:

  • Per-Message Costs: Businesses pay $0.01 to $0.20 per SMS, which accumulates quickly.
  • Operational Expenses: Managing SMS-based authentication includes vendor fees, maintenance, and user support costs.
  • Fraud-Related Costs: Companies lose millions due to SMS fraud, such as SMS pumping attacks.

3. Reliability Issues

SMS messages are not always delivered promptly, creating frustration for users and risks for businesses:

  • Network Delays: SMS OTPs may arrive late or not at all due to network congestion or carrier issues.
  • Blocked SMS in Certain Regions: Some countries restrict international SMS messages, making authentication unreliable.
  • Carrier Filtering: SMS messages can be flagged as spam and never reach the user.

4. Poor User Experience (UX)

SMS authentication disrupts the user journey and adds unnecessary friction:

  • Multi-Device Hassle: Users must switch between devices to retrieve and enter OTPs.
  • Desktop Login Inconvenience: Desktop users must type OTPs manually, without the autofill available on mobile.
  • Authentication Fatigue: Users find entering OTPs annoying and disruptive, leading to login abandonment.

Passkeys: A Secure and Cost-Effective Alternative

To overcome these limitations, many organizations are replacing SMS authentication with passkeys, a phishing-resistant, cost-effective, and user-friendly alternative. Passkeys eliminate OTPs entirely, enhancing security and user experience while reducing fraud and cutting authentication costs by up to 90%.
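
Why an SMS OTP can be phished while a passkey assertion cannot, seen from the server's side, as an added example (not code from this article or from any product it mentions). It goes beyond the text by checking the WebAuthn `clientDataJSON` fields; the origin `https://login.example.com`, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import hmac
import json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin


def verify_sms_otp(submitted: str, issued: str) -> bool:
    # An OTP is a bearer secret: the server sees only the digits, so a code
    # the user typed into a fraudulent site and that was relayed still passes.
    return hmac.compare_digest(submitted.encode(), issued.encode())


def b64url(data: bytes) -> str:
    # WebAuthn encodes the challenge as unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def verify_client_data(client_data_json: bytes, issued_challenge: str):
    # Checks the clientDataJSON fields that the browser, not the user, fills in.
    # Verifying the authenticator's signature (which covers the hash of this
    # JSON) is a separate step and is not shown here.
    try:
        data = json.loads(client_data_json)
    except ValueError:
        return False, "malformed clientDataJSON"
    if not isinstance(data, dict):
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    challenge = str(data.get("challenge", "")).encode()
    if not hmac.compare_digest(challenge, issued_challenge.encode()):
        return False, "challenge mismatch"
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"  # assertion was produced on another site
    return True, "ok"


def sample_client_data(origin: str, challenge: str) -> bytes:
    # Constructed stand-in for what a browser would emit on `origin`.
    fields = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    return json.dumps(fields).encode()


if __name__ == "__main__":
    ch = b64url(b"constructed-challenge-0001")
    print(verify_client_data(sample_client_data(EXPECTED_ORIGIN, ch), ch))
    print(verify_client_data(sample_client_data("https://login.example.test", ch), ch))
```

In a real deployment the browser also refuses to use a credential for a different relying-party ID, so the assertion is normally never produced on a lookalike site in the first place.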
