Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the adequacy of the security of A2P messaging used for two-factor authentication by gov.uk websites.

Security is a key priority for all government services, alongside accessibility and inclusion (i.e. points 4, 5 and 9 of the Service Standard). There isn't a cross-government standard or mandate, as use of A2P depends on the particular needs and user base of individual services. While there are more secure methods of 2FA / MFA, use of A2P for 2FA significantly reduces the risk of account compromise and ensures the widest compatibility and usability across all user bases.

Though we note that the NCSC has affirmed it's acceptable as a second factor in certain cases.