SMS Removal from EU Login - starting 30/6/2025

Important: SMS authentication will be discontinued in EU Login by 30 June 2025

Bitte anmelden, um der Gruppe (Discover Futurium) beizutreten.

Futurium Team

28 April 2025 - vor 2 weeks aktualisiert

Why is this change?

SMS is not the best option to use as an MFA method in terms of security.

SMS is easy to setup but it has been known for quite a while as not very secure option to be used as a second factor authentication method. It is vulnerable to several security threats, such as SIM swapping attacks, which can allow unauthorized individuals to gain access to protected resources.

It has become inadvisable option in a lot of secured online resources and in some cases where securityis of significant importance, it is not allowed. According to CERT-EU Security Guidance 22-001, using SMS and voice calls to provide the second factor must be avoided and phishing resistant tokens such as authenticator apps or FIDO2 (Fast IDentity Online) security keys should be considered instead.

Beside the high cost of the SMS service, it has also been target of service denial attacks which increased the load on the technical teams to mitigate against such attacks and make sure the EU Login service is up and running. The SMS service is not reliable at the end as it depends on external service providers that might not be able to guarantee the delivery of the SMSs in time especially in emergency situations.

For all the above, EU Login Steering Committee has decided to phase out SMS from EU Login as an MFA.

What is the timeline?

SMS MFA will be phased out gradually in stages. EU Login plans to decommission this feature soon and will impact FUTURIUM starting 30/6/2025.

Which alternative MFA method do we recommend?

For External Users

With self-registered account using private email addresses:

EU Login Mobile app
Using PIN code or QR code
Removable physical keys like Yubikey USB and NFC
Electronic IDs

For Internal Users

EC or any other EUIBA staff who possess a corporate account:

Security module on device (eg corporate laptops) that can be linked with biometrics.
EU Login Mobile app
Using PIN code or QR code
Removable physical keys like Yubikey USB and NFC
Electronic IDs

For Post-active Users

Retired or post-active EC or any other EUIBA staff:

EU Login Mobile app
Using PIN code or QR code
Removable physical keys like Yubikey USB and NFC
Electronic IDs

Anmelden, um Kommentare zu posten.

Tags: EU Login cybersecurity

Kommentare

Von Alexandre PETRESCU am Mo., 28/04/2025 - 18:33

Could this work without a smartphone?

I might give up using the Portal altogether, because of that.

Anmelden, um Kommentare zu posten.

Von Futurium Team am Di., 29/04/2025 - 09:29

Yes, with a smartphone you can use the EU Login Mobile app.

Anmelden, um Kommentare zu posten.

Von Alexandre PETRESCU am Di., 29/04/2025 - 12:24

I meant without a smartphone. Can it work without a smartphone?

Anmelden, um Kommentare zu posten.

Von Futurium Team am Mi., 30/04/2025 - 14:40

If you don't have a smartphone you will only have the other options, you can check here for the details.

Anmelden, um Kommentare zu posten.