To protect yourself from hackers, stop using phone-based multi-factor authentication (MFA) codes sent via text messages and phone calls, a leading security expert writes in a new analysis.
Phone codes are vulnerable to interception by hackers, wrote Alex Weinert, Microsoft’s director of identity security, in a recent blog post. Text-based codes are better than nothing, observers say. But users should replace phone-based authentication with authenticator apps and security keys.
“These mechanisms are based on Public Switched Telephone Networks (PSTN) and I believe they are the least secure of the MFA methods currently available,” he wrote.
“That gap will only widen as MFA adoption increases attackers’ interest in breaking these methods and purpose-built authenticators expand their security and usability benefits. Plan your transition to passwordless strong authentication now: the authenticator app offers an immediate and evolving option.”