With the vast range of resources and information on the Internet, cybersecurity can sometimes seem like a temporary solution. As soon as you successfully set up protection against a particular attack or hack, another one appears.
A username and password were once sufficient to protect your account. But cybercriminals soon found a way around this. They often use “brute force attacks”, which try many password and login combinations against a user account until they guess the correct password.
To combat these attacks, a second layer of security has been added in an approach called two-factor authentication or 2FA. It is widely used now, but could 2FA leave a loophole that cybercriminals could exploit?
2FA via SMS
Several types of 2FA exist. The most common way, though, is to send a one-time code to a user’s phone. Once this code is entered, you gain access to the platform, website or service that gave the prompt. Most of us are familiar with this method, which is also preferred by mainstream social media. This may sound safe enough, but it really isn’t.
Hackers have been known to use simple tricks to steal mobile phone numbers and access victims’ personal information, including bank details. Since most accounts that use two-factor authentication rely on SMS codes to log in, control of someone else’s mobile number can give criminals serious access to that person’s digital life.
2FA Via Authentication Apps
The authentication-app method is more secure than SMS two-factor authentication. It works on a principle known as TOTP, or Time-based One-Time Password. TOTP is more secure than SMS because the code is generated on the device rather than sent over a network that can be intercepted. This method uses apps like Google Authenticator, LastPass, 1Password, Microsoft Authenticator, Authy, and Yubico.
While it is more secure than two-factor authentication via SMS, there have been reports of hackers stealing verification codes from Android smartphones. They do this by getting users to install malicious software (software designed to do harm) that copies the code and sends it to the hackers. The Android operating system is easier to attack than the iPhone’s iOS: because iOS is owned by Apple and Android is open source, it is easier to install malware on Android.
2FA using details unique to you
The biometric method is another way to secure an account through 2FA. It can use fingerprint input, facial recognition, retinal or iris scanning, or voice recognition. Biometrics is becoming more and more popular due to its ease of use. Most modern smartphones can be unlocked by swiping your finger across a scanner or having the camera scan your face, which is much faster than entering a password or passcode.
However, biometric data can be compromised through the server on which it is stored or through the software that processes the data. A good example is BioStar 2, a security system that uses face and fingerprint recognition technology to give businesses access to buildings. False negative and false positive results can also occur in biometrics. Dust on a fingerprint reader or on a person’s finger can lead to false negative results. In addition, faces can sometimes be similar enough to mislead face recognition systems.
2FA via Security questions
Another type of two-factor authentication is a personal security question such as “What’s your favourite colour?” or “What was the name of your first pet?” Only the most persistent and intelligent hackers can find answers to these questions. It is difficult, but still possible.
Conclusion
Therefore, the human factor remains the greatest vulnerability to hacking. Successful hackers have amazing psychological tricks. Cyberattacks can take the form of polite requests, dire warnings, messages supposedly from friends or colleagues, or persuasive emails. The best way to protect yourself from hackers is to develop a healthy level of skepticism. Checking websites and links carefully before clicking on them and using two-factor authentication will greatly reduce your chances of being hacked.
Most importantly, two-factor authentication effectively protects your account. However, avoid the less secure method of codes sent by text message whenever possible. Just as thieves focus on less secure homes in the real world, Internet hackers look for vulnerabilities. And while sufficient effort can overcome security measures, hackers won’t make that investment unless they can get something more valuable in return.