'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
Is it OK to use text messages for 2-factor authentication? [Ask ZDNet]
Welcome to the first installment of a new weekly advice column, Ask ZDNet. It's a time-honored editorial format, like Dear Abby but with a much better grasp of modern tech.
This week, we tackle two thorny questions: Are text messages are too dangerous to use as a second factor for 2FA? And why do smoke detector batteries always seem to die in the middle of the night?
Ask away.
Is it OK to use text messages for 2-factor authentication?
I know I'm supposed to use 2-factor authentication for everything, but I keep reading that using text messages for 2FA is dangerous. Do I really need to worry about this? What are my alternatives?
First things first: Yes, setting up 2FA is a crucial security step for any important online account. When this form of authentication is enabled, you need to provide a second proof of your identity when signing in to an online service for the first time on a device. If your password is stolen in an online data breach or someone fools you into giving it up, the attacker can't access your account because they don't have access to a second authentication factor. (For a detailed explainer, see "Multi-factor authentication: How to enable 2FA to step up your security.")
The most basic form of 2FA involves a text message, sent via SMS to a phone you previously registered with your account. After you type in your password, you receive a text message with a code that you enter as the final step of authenticating.
SMS-based 2FA is absolutely better than no 2FA. But it's vulnerable to a variety of attacks, including SIM swapping, where the bad guy is able to intercept the SMS messages and take over the account. This type of attack takes a great deal of work and is most likely to target a high value account, like someone who works at the support desk for a big corporation. But even if you aren't a target for a global hacking network, it's smart to steer clear of SMS authentication whenever you can.
There are two great alternatives to SMS-based 2FA codes. First is a free authenticator app, which generates 2FA codes or receives approval prompts directly on your phone. (For details, see "Protect yourself: How to choose the right two-factor authenticator app.") For maximum security, consider a physical hardware key that you connect using USB or NFC. Hardware keys cost more and aren't as easy to use, but they're ideal for high-value accounts that need extra protection. (See "YubiKey hands-on: Hardware-based 2FA is more secure, but watch out for these gotchas.")
How do I silence that chirping smoke alarm?
The smoke alarm mounted on my bedroom ceiling started chirping again last night, waking me out of a sound sleep. I'm tempted to just disconnect it completely. Any suggestions on how to set things up so I can get an uninterrupted night's sleep once again?
According to the folks at Kidde, which manufactures smoke alarms, there's actually a reason for those chirps in the night.
As a smoke alarm's battery nears the end of its life, the amount of power it produces causes an internal resistance. A drop in room temperature increases this resistance, which may impact the battery's ability to deliver the power necessary to operate the unit in an alarm situation. This battery characteristic can cause a smoke alarm to enter the low battery chirp mode when air temperatures drop. Most homes are the coolest between 2 a.m. and 6 a.m.
Now that we've settled, that, please don't disconnect your smoke detector. It can literally save your life by giving you early warning of a fire so you have time to escape. Modern alarms can also detect another potential killer: the odorless but deadly carbon monoxide.
The simplest fix is to set a calendar reminder to change those batteries around the same time every year, using fresh, high-quality lithium batteries. Don't use rechargeable batteries, and don't use batteries that have been in storage for a while. For those of us in the Northern Hemisphere, Halloween is a good date, in my experience, as it leads into the winter when windows are likely to be closed most of the time and house fires (and carbon monoxide poisoning) are statistically more likely.
If you'd prefer to skip that annual chore, get batteries specifically intended for long-term use in smoke detectors and other critical devices. The Energizer Ultimate Lithium battery, for example, is designed to last 10 years, which is also how often most smoke detectors should be replaced. Just remember to set a calendar reminder for a decade from now to replace those batteries!
Sorry, Ask ZDNET is no longer accepting submissions.