SMS Two Factor Authentication Is Very UnsecuresteemCreated with Sketch.

SMS 2FA dead.png

Photo courtesy of Hacker News

As many in crypto already know, two factor authentication (2FA) essentially requires two modes to log into an account. In this case a username & password, then a six digit code sent via SMS (Short Message Service) or via an app.

Now there is a key difference between these two versions of 2FA. SMS is a lot less secure, as the message can be easily intercepted by anyone willing to put the effort in. It takes a simple google search and wallah, plenty of tutorials on how to intercept a SMS text.

The US National Institute of Standards and Technology (NIST) warned that SMS is a poor way to deliver 2FA. NIST also declared that sending one time passwords to mobile phones is also insecure. If a hacker knows your phone number, which isn't hard to figure out these days with social media and the amount of services that require are phone number. Then all they have to do is tell a service to send the text, intercept it, enter the code, and they're in.

2FA example.png

Photo courtesy of MIT News


If a hacker can intercept and subvert SMS texts, a person may never know until it is too late that their account has been breached. And most hackers don't have a hard time finding personal information since a majority of people put their personal info all over the internet, it is now easily accessible via a simple google search of a persons name.

Scores of businesses like Google, Facebook, Twitter, and others use SMS verification as a fall back, which leaves them exposed to being intercepted.

NIST even stated:

"Due to the risk that SMS messages or voice calls may be intercepted or redirected, implementers of new systems should carefully consider alternative authenticators."

Now you ask what are these alternative authenticators?

There are a few, but the common ones seen in crypto are Duo Mobile and Google Authenticator. Both of these offer much more security as they send the code to one place, the app. You can consider this True 2FA and SMS as a very insecure system you should avoid at all cost.

I personally use both Duo Mobile and Google Authenticator, this is partially due to the fact that some exchanges only take one or the other. They both work well, but I prefer Duo Mobile, as it is a cleaner interface and it's codes don't refresh every 30 seconds like Google Authenticator, which can be a hassle when logging in. In Duo, you simply click the key and the code appears, you re-click the key if you need a new code.

Duo MobileGoogle Authenticator
Duo for article.jpgGoogle authenticator.jpg


As you can see they are both pretty simple. Click "+" symbol and it allows you to scan or manually add a new code for an account or to change an account.

I highly recommend that you 2FA all your cryptocurrency accounts. If you really want to be safe, you should have a different email for all your cryptocurrency accounts. I even suggest doing it for other accounts whether it be a bank account, school accounts, etc., it is much safer. Along with that never use a password more than once or for multiple accounts; you are a hackers paradise, as once they get one password, it's over.

This even goes for if you used a password five years ago on your Reddit account (for example), and you want to use it on a crytpocurrency account. If Reddit has/had a breach some where in those five years, and hackers get a hold of the data, they will sell it on black markets to other people. Those people will then use the log in info to try to breach other accounts of the user.

I hope this brings everyone up to speed with which 2FA is truly 2FA and which is not. Cybersecurity is something that should not be taken lightly.


If you liked this content, please upvote, comment, share, and resteem it!

Follow me @investoranalysis

Thanks!

Sort:  

Follow and UP... We can never be too safe... ;) Check my blog for daily ICO info... Thanks...

Thank you! Exactly, security is so important. I'll check them out!

I have run out of voting power for the day, but I will follow you and re-steem this and then upvote something some other day. Thanks for replying on my post about being hacked.

No worries, thank you for commenting! Hope you enjoy the content.

I did and my vote finally came through. :)

You could make more money by blogging through ADSactly. Visit our discord to inquire about our process. We do need people who write well-formed English on interesting topics such as yourself.

https://discord.me/adsactly

And my username is supreme there

Thank you! I'll check it out! I currently follow the Steem channel.

Coin Marketplace

STEEM 0.51
TRX 0.09
JST 0.069
BTC 50106.56
ETH 4389.01
BNB 604.67
SBD 6.15