---
url: 'https://www.corbado.com/faq/drawbacks-of-sms-authentication'
title: 'What are the key drawbacks of SMS-based authentication?'
description: 'SMS-based authentication has major drawbacks, including security risks, high costs, poor reliability, and a frustrating user experience.'
lang: 'en'
keywords: 'SMS authentication drawbacks, SMS OTP security risks, SMS reliability issues'
---

# What are the key drawbacks of SMS-based authentication?

## Key Drawbacks of SMS-Based Authentication

[SMS-based authentication](https://www.corbado.com/faq/sms-based-authentication-explained) is widely used but
comes with **significant limitations** that impact **security, cost, reliability, and user
experience**.

### 1. Security Risks

[SMS authentication](https://www.corbado.com/blog/sms-costs) is highly vulnerable to attacks, making it an
unreliable security measure:

- **Phishing Attacks:** Users can be tricked into entering their SMS OTP on fraudulent
  websites, allowing attackers to gain unauthorized access.
- **SIM Swapping:** Hackers can **steal a user’s phone number** by fraudulently
  transferring it to another SIM card, intercepting SMS OTPs.
- **SMS Traffic Pumping Fraud:** Attackers **inflate SMS traffic** to generate revenue at
  the expense of businesses, costing enterprises millions.
- **Lack of Encryption:** SMS messages **travel in plaintext**, making them susceptible to
  interception by attackers.

### 2. High Costs

Using SMS for authentication is expensive, especially for **large-scale enterprises**:

- **Per-Message Costs:** Businesses pay **$0.01 to $0.20 per SMS**, which accumulates
  quickly.
- **Operational Expenses:** Managing
  [SMS-based authentication](https://www.corbado.com/faq/sms-based-authentication-explained) includes **vendor
  fees, maintenance, and user support costs**.
- **Fraud-Related Costs:** Companies lose **millions due to SMS fraud**, such as SMS
  pumping attacks.

### 3. Reliability Issues

SMS messages are not always delivered promptly, creating **frustration for users** and
**risks for businesses**:

- **Network Delays:** SMS OTPs may arrive late or not at all due to **network congestion**
  or **carrier issues**.
- **Blocked SMS in Certain Regions:** Some countries **restrict international SMS
  messages**, making authentication unreliable.
- **Carrier Filtering:** SMS messages can be flagged as spam and **never reach the user**.

### 4. Poor User Experience (UX)

[SMS authentication](https://www.corbado.com/blog/sms-costs) disrupts the user journey and **adds unnecessary
friction**:

- **Multi-Device Hassle:** Users must switch between devices to retrieve and enter OTPs.
- **Desktop Login Inconvenience:** Unlike mobile autofill, desktop users **must manually
  type OTPs**.
- **Authentication Fatigue:** Users find entering OTPs **annoying and disruptive**,
  leading to [login abandonment](https://www.corbado.com/blog/login-friction-kills-conversion).

## Passkeys: A Secure and Cost-Effective Alternative

To overcome these limitations, many organizations are replacing
[SMS authentication](https://www.corbado.com/blog/sms-costs) with **passkeys**, a **phishing-resistant,
cost-effective, and user-friendly** alternative. Passkeys eliminate OTPs entirely,
**enhancing security and user experience** while **reducing fraud** and **cutting
authentication costs by up to 90%**.

## Read the full article