Every cell phone ever manufactured contains a unique device identifier (a “UDID”) that serves as the “fingerprint” of that device. While hacking or spoofing may work on common two-factor authentication systems because they receive, not send, text messages, the SnapID™ system eliminates this hacking by using the fingerprint of the phone to verify that the message is being sent by a legitimately authorized phone and not a "spoofed" number. A text message cannot be sent into the SnapID™ system without the cell phone carrying the correct UDID.
Furthermore, two-factor authentication systems rely on information being input into a browser by a user. Typically someone using a cell phone receives a text message containing an authorization code and then must enter the code that appears on the token or cell phone’s screen into a field on the webpage. By definition this opens the process to “man-in-the-middle” (MITM) or “man-in-the- browser” (MITB) attacks that compromise the security of the entire process.
SnapID™ uses a patented process that completely eliminates any information being entered into, or shared through the browser. All communication occurs on a secure server-to-server connection outside of the browser environment and thus excludes, by definition, any possibility of MITM or MITB attacks.