“TechWorld” has some interesting information, such as a story on a report from the National Institute of Standards and Technology. And while you may not see this as being “fun”, it is at a minimum interesting. I’m here to break it down for you.
In this report, the public was advised to stop using two-factor authentication. However, other people suggest that this is the very best way to prevent identity theft. So, which is it? Let’s take a look.
When you get a message from someone, you surely want to make sure that they are who they say they are. In fact, many of us rely on tools like Caller ID. However, you might want to stop doing that, as caller ID can be faked.
As hackers start using this more, they are also finding ways to fake SMS, which means that, technically, they could be faking the two-factor or two-step authorization/verification that relies heavily on text messaging. So, it is very important to stay vigilant about protecting your information and to be careful about what you respond to via text.
Why Authorization is Important
When it comes to the importance of authorization in transactions, it’s imperative that you are confident that you can access your info. We now know that it is very easy for a criminal, if they know what they are doing, to get into your accounts by using your password and username. But just a username and a password isn’t enough.
How Two-Factor Authentication Works
When you choose to use two-factor authentication, after entering your password online, you will receive a one-time use code by SMS, which you then use to fully log into your account. For this to work, the following must occur:
- You must have a mobile device
- You must know how to access the device (PIN or biometrics)
- You must have a username and password to an online account
- You must have the one-time use code, which will be sent to the device
Unless all four of these things are present, the account cannot be accessed. So, even if a hacker has your username and password, if you have two-factor authentication set up, they would also need your device to access the account. This makes it much more difficult to illegally access an account and helps your account to be much safer.
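To show what the website does during that second step, here is an added example (not code from the original article or from any real service) of a server issuing and checking an SMS code. The class name, the `send_sms` callback, the five-minute lifetime and the five-guess limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # assumed validity window, in seconds
MAX_ATTEMPTS = 5      # assumed number of guesses allowed per issued code


class SmsOtpLogin:
    """Hypothetical second login step: password first, then a code sent by SMS."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms            # callable(phone, text) supplied by caller
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server secret so stored codes are not plain
        self._pending = {}                   # username -> [digest, expiry, attempts_left]

    def _digest(self, username, code):
        msg = f"{username}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, username, phone, password_ok):
        """Issue a code only after the password check has already passed."""
        if not password_ok:
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable six-digit code
        self._pending[username] = [self._digest(username, code),
                                   self._clock() + CODE_TTL, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your login code is {code}")
        return True

    def finish(self, username, code):
        """Succeeds at most once per issued code; expired or exhausted codes fail."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if self._clock() > expiry or attempts <= 0:
            del self._pending[username]
            return False
        entry[2] = attempts - 1
        if hmac.compare_digest(digest, self._digest(username, code)):
            del self._pending[username]      # single use: a replayed code finds nothing
            return True
        return False
```

Note that `finish()` can only confirm that the submitted code matches the one that was sent; it has no way to tell who typed it or which phone actually received the text.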
How Hackers are Being Smarter than Two-Factor Authentication
Though it is more difficult for a hacker to get into your account that has two-factor authentication, it is not impossible. Here are some ways that hackers are able to get around it:
Man in the Middle Attack:
- The hacker gets access to your username and password
- The hacker tries to log in and is denied because you have two-factor authentication set up.
- The hacker contacts you via social media, email, or phone with some type of trick to get your one-time code.
- The hacker will go into a brick and mortar cell phone carrier store and pretend they are you. They get a new phone with your number.
Changing the Number:
- The hacker creates a fake website, and you enter your number into it. They then take your number and change it, and then they keep your original number. This sounds more complicated than it is.
There is a Lot of Confidence About SMS Two-Factor Authentication
When you use SMS two-factor authentication, you don’t have to worry if your password gets into the wrong hands. Remember, the criminal who has your password still needs your one-time code… and unless they have your phone, they can’t access it.
Companies that offer two-factor authentication give their customers more confidence, and there is an increased interest in the company’s products and services because transactions are more secure.
So, should you be nervous about SMS two-factor authentication? No, you don’t need to be. You really do have an extra level of protection, but remember, it isn’t totally foolproof. There are still ways that a hacker can access your accounts, though it is quite difficult.
You can have confidence in two things: first, that banks continue to come up with easy and friendly ways to keep all of us safe with an alternative to two-factor authentication, and second, that you are already a step ahead of hackers thanks to your newfound knowledge from reading this article.
One simple way to engage and activate two-factor authentication for all critical websites is to simply do a Google search for “two-factor” and then the name of the site. An example would be “two-factor Amazon.” You’ll definitely find plenty of options to enable multi-factor authentication on every critical website you visit.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.