Two-factor authentication (2FA) is the best way to protect yourself
If your not using two-factor authentication, you should be. If you are already, do you use SMS (text messages) for your two-factor authentication? here’s why you shouldn’t.
The coronavirus pandemic has lead to a rise in hackers and scammers preying on people’s fears during these turbulent times.
You would be wise to be on the lookout for coronavirus scams, and you’d be even wiser to use two-factor authentication to protect your personal information and online accounts.
If you are already using two-factor authentication, you’d be wiser still to use an authentication application rather than receiving codes through a text message, also known as SMS.
Using an authentication application is a win-win. Not only is it more secure than getting codes texted to you, but it also makes the login process faster
Time for some quick Q & As
What is two-factor authentication?
Two-factor authentication (2FA) — also known as two-step verification or multifactor authentication — adds a layer of security to your online accounts, from Amazon, Apple and Google to Facebook, Instagram and Twitter to banking etc. Instead of entering only your password to access an account, you need to enter your password — the first verification factor — and then a code sent via SMS (text message) — the second factor. This means a hacker would need to steal both your password and your phone to break into your account.
Why should I move away from SMS?
For the simple fact that receiving 2FA codes via SMS is less secure than using an authentication app (application). Hackers have been able to trick service carriers into porting (transferring) a phone number to a new device in a move called a SIM swap. It could be as easy as knowing your phone number.
Also, if you sync text messages with your laptop or tablet, then a hacker could gain access to SMS codes by walking off with such a device of yours.
Then there are the weaknesses in the mobile telecom system itself. In what’s called an SS7 attack, a hacker can spy via the mobile phone system provider, listening to calls, intercepting text messages and tracking & seeing the location of your phone.
All of the above scenarios are bad news for those receiving 2FA codes via SMS.
What should I use instead?
An authentication app such as Google Authenticator, or perhaps Microsoft Authenticator or Authy. They have the advantage of not needing to rely on your carrier; codes stay with the app even if a hacker manages to move your number to a new phone. And codes expire quickly, usually after 30 seconds or so.
In addition to being more secure than SMS, an authentication app is faster; you need only to tap a button to verify your identity instead of manually entering a six-digit code.
If you have an Android phone or an iPhone with the Google Search or Gmail app, you can set up Google prompts to receive codes without needing a separate authentication app. You’ll receive 2FA prompts as push notifications on your phone that require a simple tap to approve.
If you require any further help or advice don’t hesitate to call or email.