Authored by: Bryan Lachapelle, President & CEO

Why SMS-Based MFA Is No Longer Enough for Greenhouse Cybersecurity

For years, Multi-Factor Authentication (MFA) has played a vital role in protecting accounts and devices. While it remains an essential part of a modern cybersecurity strategy, the threat landscape has evolved. Some traditional forms of MFA, particularly SMS-based verification, are no longer sufficient - especially for high-stakes operations like commercial greenhouses.

The most widely used type of MFA today is still the familiar four or six-digit code sent via text message. While this is certainly more secure than using a password alone, it is not a solution that can keep pace with modern cyber threats. SMS is an aging technology, and cybercriminals have developed sophisticated techniques to bypass it. For operations handling sensitive environmental data and automation systems, continuing to use SMS-based MFA introduces unnecessary risk.

 

The Weak Link in SMS Verification

SMS was never designed as a secure method of authentication. Its dependency on cellular infrastructure exposes it to vulnerabilities in telecom protocols, including flaws in systems like Signaling System No. 7 (SS7). This outdated architecture can be exploited by attackers to intercept messages, redirect communications, or inject malicious content without the user ever knowing.

Greenhouse operations are attractive targets because they rely on continuous system uptime. Attackers are aware that many organizations still use SMS for MFA, and they exploit this by manipulating telecom protocols to steal codes in transit. These methods do not require access to a user’s phone. Instead, they compromise the network itself.

There is also the problem of phishing. If a staff member accidentally enters their login credentials and SMS code into a fake site, attackers can use that information immediately to access the legitimate system. Greenhouse operators cannot afford to have environmental controls compromised because one login was entered on the wrong site.

 

The Growing Risk of SIM Swapping

Another serious threat is SIM swapping. In this type of attack, a criminal poses as the account holder and convinces the mobile provider to transfer the victim’s phone number to a new SIM card. Once complete, the attacker receives all incoming calls and text messages, including any MFA codes.

This attack does not rely on advanced hacking knowledge. It depends on exploiting call center employees through social engineering. Once access is gained, criminals can reset passwords, take over bank accounts, or disable business-critical systems. Greenhouse operations that rely on remote access to climate control systems or security alerts are particularly vulnerable to this kind of breach.

 

Phishing-Resistant MFA: A Necessary Upgrade

To defend against these threats, organizations need to adopt phishing-resistant MFA. This approach uses cryptographic protocols that connect authentication attempts to specific domains. One well-established method is based on the FIDO2 standard. This standard replaces passwords with public-private key pairs, ensuring that authentication only succeeds when the domain matches the stored credential.

Even if an employee is tricked into visiting a fake login page, the system will not release credentials if the domain does not match. This type of MFA removes the human error element from the equation and is far more secure than SMS or email-based alternatives.
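The domain binding described above, seen from the login server's side, as an added example that is not code from this article. The relying-party ID, origin, and sample assertions are assumptions constructed for illustration, and signature verification is left to a WebAuthn library.

```python
import base64
import hashlib
import json

# Assumed values for this example (not from the article).
RP_ID = "login.greenhouse.example"
EXPECTED_ORIGIN = "https://login.greenhouse.example"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json, authenticator_data, expected_challenge):
    """Return "ok" or the rejection reason (domain-binding checks only).
    A real relying party must also verify the signature over
    authenticator_data || SHA-256(client_data_json) with the stored public key.
    """
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(expected_challenge):
        return "challenge mismatch"
    # The browser, not the user, records the origin of the page it loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if len(authenticator_data) < 37:
        return "authenticator data too short"
    # First 32 bytes: SHA-256 of the RP ID the credential is scoped to.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:  # UP flag: user presence
        return "user not present"
    return "ok"

def make_sample(origin, rp_id, challenge):
    """Build a constructed (not captured) assertion for the demo."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    flags_and_counter = b"\x01" + (7).to_bytes(4, "big")
    return client, hashlib.sha256(rp_id.encode()).digest() + flags_and_counter

if __name__ == "__main__":
    ch = b"\x11" * 32  # constructed challenge issued by the server
    lookalike = "login.greenhouse-example.test"  # constructed lookalike host
    print(check_binding(*make_sample(EXPECTED_ORIGIN, RP_ID, ch), ch))
    print(check_binding(*make_sample("https://" + lookalike, lookalike, ch), ch))
```

An assertion produced on the lookalike host fails the origin check even when the user cooperates fully, which is the property an SMS code lacks.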

 

Hardware Security Keys: Physical Protection for Digital Access

Hardware security keys represent one of the most secure authentication options available. These devices, often shaped like small USB drives, generate one-time cryptographic responses when physically connected to a system. Because they require physical access, attackers cannot use phishing or network attacks to compromise them.

This makes them ideal for greenhouse operations where executive or administrator-level access should be tightly controlled. If the key is not present, the account remains inaccessible - no code to intercept, no password to guess.

 

Authenticator Apps and Smart Push Notifications

If hardware keys are not a fit for the team, mobile authenticator apps such as Microsoft Authenticator or Google Authenticator offer a practical alternative. These apps generate time-sensitive codes directly on the device, removing SMS from the process entirely.

However, even app-based authentication has challenges. One such issue is known as MFA fatigue. This occurs when attackers flood a user’s device with repeated approval requests, hoping the user will approve one out of frustration. To prevent this, many modern apps now use number matching. The user must input a number shown on their login screen to complete the authentication, proving they are physically at their computer and aware of the attempt.
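One way to spot the repeated-prompt pattern described above in push-notification logs, as an added example that is not part of the original article. The log format, user names, and thresholds are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed threshold, tune per environment
MAX_PROMPTS = 5                 # assumed: prompts per user inside WINDOW

# Constructed sample events in a hypothetical "timestamp user result" format.
SAMPLE_LOG = """\
2025-03-01T02:10:05 jmartin denied
2025-03-01T02:10:40 jmartin denied
2025-03-01T02:11:15 jmartin timeout
2025-03-01T02:12:02 jmartin denied
2025-03-01T02:12:48 jmartin denied
2025-03-01T02:13:30 jmartin approved
2025-03-01T08:01:12 akhan approved
2025-03-01T12:30:44 akhan approved
"""

def find_push_floods(log_text, window=WINDOW, max_prompts=MAX_PROMPTS):
    """Return {user: {"prompts": peak count, "approved": bool}} for floods."""
    recent = {}  # user -> deque of prompt times still inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, result = line.split()
        when = datetime.fromisoformat(stamp)
        times = recent.setdefault(user, deque())
        times.append(when)
        while when - times[0] > window:
            times.popleft()
        if len(times) >= max_prompts:
            alert = alerts.setdefault(user, {"prompts": 0, "approved": False})
            alert["prompts"] = max(alert["prompts"], len(times))
            # An approval that arrives during a flood is the case to escalate.
            alert["approved"] = alert["approved"] or result == "approved"
    return alerts

if __name__ == "__main__":
    for user, info in find_push_floods(SAMPLE_LOG).items():
        print(user, info)
```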

 

Passkeys: The Future of Secure Access

An emerging solution that blends security and usability is the passkey. A passkey is a digital credential tied to a device and protected by biometric data like a fingerprint or facial recognition. Passkeys are phishing-resistant and can be synced across devices using secure services such as iCloud Keychain or Google Password Manager.

For greenhouse operators with multiple users or locations, passkeys offer a practical and scalable way to secure access. They also reduce the workload on IT staff, as there are no passwords to reset or codes to manage.

 

Balancing Security with Everyday Operations

Transitioning away from SMS-based MFA may initially cause hesitation among teams accustomed to text messages. Clear communication is key. Staff should understand that phishing, SIM swapping, and SMS interception are not theoretical risks. These attacks are happening today and affect businesses that depend on round-the-clock operations.

Introducing phishing-resistant MFA can be done in phases, beginning with high-privilege accounts such as executive logins and system administrators. Over time, broader adoption can follow. The goal is not to burden the team, but to protect the systems that power the business.

 

Why Waiting Is Not an Option

Clinging to SMS-based MFA can create a false sense of security. While it may check the compliance box, it does little to stop sophisticated attacks. The cost of a security breach - downtime, crop loss, and reputational damage - is far higher than the investment required to upgrade authentication systems.

Modern greenhouse operations rely heavily on data, automation, and remote access. All of these depend on secure credentials. Implementing phishing-resistant MFA is not just a technical upgrade. It is a business continuity measure.

Is your greenhouse still relying on outdated MFA methods? Now is the time to move toward smarter, safer solutions. Our team specializes in implementing secure, user-friendly identity tools tailored for Niagara’s greenhouse operations. We can help you choose the right approach and roll it out without disruption. Let’s talk about how to protect what matters most - your crops, your systems, and your peace of mind.