Millions log in via text message as invisible security flaws quietly expose personal data across everyday online services

• SMS login links rely on possession alone, leaving private accounts dangerously exposed
• Weak tokens allow attackers to guess valid links and gain access to other users’ accounts
• Unencrypted text messages remain a fragile basis for account authentication

Many online services now rely on log-in links or codes delivered via text messages instead of traditional passwords, reducing steps during account access and avoiding storing password databases that attackers often crack.

Despite its convenience, SMS remains an unencrypted communication channel, making it vulnerable to eavesdropping, reuse, and prolonged exposure.