Data Privacy Regulations
 

Two-Factor SMS Authentication is No Longer Safe

September 21, 2017
 
 
 
#analysis, #news, #authentication

If you use SMS two-factor authentication for your email program or any banking applications, you need to understand that it is no longer safe. Switch to a different two-factor verification method if possible or take other precautions.

One of the most important things is to protect is your primary mail account. For Gmail, you can use Google Authenticator (a smartphone application), a USB key fob, or even a one-time codes you can store in a variety of ways.

Your other accounts may not have alternatives to two-factor SMS, but if you can secure your primary email account and ensure that you are receiving notifications of password changes and transactions to that account, you will have achieved at least a level of control if not complete security.

Since banking apps usually require additional security questions, that layer of security can protect you, even if you are using two-factor sms authentication. But change to something better if you can and be sure to choose questions that are not easy for someone to research. With the sophistication of criminals today, and the data they are gaining access to via data breaches and social media, it's not beyond them to find your mother maiden name, your high school, or other second level demographic data.

More information about the recently uncovered threat:


• This is why you shouldn’t use texts for two-factor authentication

Researchers show how to hijack a text message

https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin

 

• All That's Needed To Hack Gmail And Rob Bitcoin: A Name And A Phone Number

https://www.forbes.com/sites/thomasbrewster/2017/09/18/ss7-google-coinbase-bitcoin-hack/#2d8fdcd941a4

 

• Where are the flaws in two-factor authentication?

One of the main tools for keeping hackers at bay offers no guarantee of security

https://www.economist.com/blogs/economist-explains/2017/09/economist-explains-9

 

 
 
Privacy Prime
  • 22 Jan 2018

    Meticulous Equifax Timeline

    Data Breach timeline for Equifax's 2017 Data Breach. One of the most significant data breaches to date.

  • 22 Jan 2018

    2017 Year End Review

    Every year breaches are becoming more prevalent and have a much higher impact then years prior. Take a look at some of the breach reports that it made it on our list.