Mikaela's company has implemented multifactor authentication using SMS messages to provide a numeric code. What is the primary security concern that Mikaela may want to express about this design?

SMS messages are not encrypted, meaning that they could be sniffed and captured. While using two factors is more secure than a single factor, SMS is one of the less secure ways to implement two-factor authentication because of this. SMS messages can be spoofed, can be received by more than one phone, and are typically stored on the recipient's phone. The primary threat here, however, is the unencrypted message itself.