Instead of sending you a secret message that you then have to send right back, authenticator apps work by generating two matching codes, one on Twitter or Instagrams or Gmail’s servers, one on your phone. Authentication apps are safer and will work without internet or service. “That doesn’t it doesn’t even require the kind of social engineering or ‘SIM swaps’ more high profile attacks are prone to,” Saeed says. Specialized quasi-legal equipment, known to be widely used by law enforcement, can slurp up texts in bulk. SMS messages are insecure by the very nature of the network they’re sent on. Think you are safe just because you aren’t a juicy target? That’s not quite the case either. “CEO of Twitter Jack Dorsey got hacked his Twitter account got hacked into because its 2FA codes were being sent via SMS.” “A very high profile case of this happened last year, Saeed explains. What now? Well, I find out your phone number and your service provider, call the support line pretending to be you, tell them I lost my phone and that they need to change the number to a new one. The con works like this: I have your password and want to break into your account, but you have SMS-based 2FA on. “But SMS is susceptible to man in the middle type attacks.” “So most people use SMS today because it doesn’t require the download of anything,” Saeed explains. In the case of SMS-based 2FA, you are proving that you possess your phone by delivering the special code that is delivered to it.Įxcept when you’re not. Or it can be something you possess, like a physical key. It can be something you are, which is what you provide if you verify your identity with a fingerprint or retinal scan. “So we can have a little bit more assurance that the person is not just a robot that’s feeding off a database of login information.”Ī second factor can be a number of things. “It just provides a second additional layer of security,” Saeed says. With two-factor authentication, you’re adding an additional complication that stacks the deck in your favor. Though if you’ve ever been hacked, you know this isn’t always the case. You are proving you are who you say you are by sharing a secret that, theoretically, only you should know: your password. When you go to log in to Twitter or Facebook and dutifully type in your password, you’re performing something that could be described as one-factor authentication. 2FA is essential and you should absolutely turn it on. We talked with Nabeel Saeed who works on the terrific security app Authy - available on Android and iOS - for the basics on why going the extra mile to use an authentication app is worth the trouble. Most online services will guide down a path where you’ll be texted a verification code, but this isn’t as foolproof as you may believe. By setting your accounts to require an extra, time-sensitive code when you login, you’re protecting yourself from the constant and increasing scourge of widespread password leaks.īut while two-factor is important, there is a good way to do it and a better way to do it. At this point, I hope you know that two-factor authentication (2FA) is an absolute must to stay safe on the internet.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |