Users who rely on two-factor authentication via SMS and consider it as a safeguard for account login are in a fix. Cyber miscreants are embarking on new tactics to swindle users.
The second layer of authentication implemented on applications to keep accounts protected usually involves a code sent on the mobile devices via SMS. However threat actors have devised decisive tactics to acquire the code sent on the mobile phones and hence gain unauthorized access to your device or application. These tactics include:
The list of data breach operations leveraging two-factor authentication via SMS is non – exhaustive. Hence it is always recommended not to share sensitive information over standard text messages as they are insecure and can be easily intercepted.
Cyber Securities therefore expressed a die hard need to devise other forms of two-factor authentication. Many tech companies have already started working in this area. They have designed tools to protect their apps against the vulnerability of SMS-based two-factor authentication. For instance:
Also, if anyone including the user tries to access the account from any other device, they are notified about this via an email or a text message. This is useful to prevent unauthorized access to users account.
Most popular example of hardware token is the Yubikey, which works for a bunch of tech giants like Facebook, Google etc. Yubikey is a hardware authentication device that allows users to securely log into their accounts. It supports one time passwords, public-key encryption and authentication, and U2F (Universal 2nd Factor) protocol.
Universal 2nd Factor (U2F) is an open authentication standard that uses specialized USB (Universal Serial Bus) or NFC (Near-Field communication) devices to strengthen and simplify two-factor authentication (2FA)
Two-Factor authentication is recognized as an important cyber security measure to protect user accounts. More or less all major services now implement some form of two-factor authentication, but the technique adopted by them varies. Weaker implementations are easy targets of threat actors who face negligible problem in bypassing the security, intercepting codes or exploiting account-recovery systems.
Hence, just achieving two-factor authentication is no longer enough. Adopting a more comprehensive approach and cleverly selecting the right step-up 2FA mechanism based on your environment is deemed vital in enhancing service security.
Hits: 173
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.