Foil Hackers With Two-Factor Authentication

Posted by Neil
Apr 6, 2017

Rather than just relying on logins and passwords to protect your business, two-factor authentication adds an extra layer of security to keep out uninvited guests.

Two-factor authentication relies on both something you know and something you have in order to confirm your identity. The something you know is your password, while the something you have is a single-use code sent to your phone via SMS. You need both to log into your account – just one isn’t enough.

The benefit of two-factor authentication is that it stops hackers breaking into your online accounts even if they’ve discovered your password via malware, a phishing attack or some other sly trick. They still can’t access your account unless they have that code sent to your phone.

Some determined hackers are known to hijack mobile phone accounts and port the number to another SIM card, just so they can intercept those SMS codes. It’s a trick favoured by scammers looking to break into online business bank accounts, hoping to clean you out before you even realise your mobile phone has been disconnected.

To get around this problem, many banks and other online services offer the ability to generate single-use two-factor codes using an app on your smartphone instead of sending you a text message. This eliminates the threat of SMS hijacking, while also allowing you to log into services even when you don’t have mobile coverage. It might be particularly useful if you tend to use a different mobile phone number when you travel overseas.

Instead of a one-time code, some services let you use a special USB stick as the “something you have” – refusing to let you log in unless the USB stick is connected to your computer. Alternatively, you can get a keychain fob with a tiny built-in screen, displaying an ever-changing code that is only valid for 30 seconds or so.

Enabling two-factor authentication might sound like a hassle, but thankfully most services let you mark your own devices as “trusted” – meaning you don’t need to enter a two-factor code every time you log in. You’ll still be required to enter a two-factor code when logging in from a new app or a new device, just to be sure that you’re really you.

Once two-factor authentication is up and running it’s not really an inconvenience, especially compared to the inconvenience of dealing with a digital break-in because your security measures weren’t up to scratch.
