How Safe Is Two-Factor Authentication (2FA), Exactly?
Two-factor authentication (2FA) is becoming a requirement on many websites, and it’s easy to understand why. Requiring you to confirm your login via SMS or an app seems like a solid layer of security. But how secure is this second layer?
Security threats are on the rise and people have more to lose online, so it is only natural that you want to be as secure as possible. Although it can be frustrating to have your social media accounts hacked, there are much more serious consequences for having poor cyber security. Hackers could gain access to your bank accounts, drain your savings, steal sensitive files and photos, and even hack your work account, putting you in serious trouble with your boss.
Two factor authentication refers to an additional step that confirms who you are. The second layer of protection will provide greater security than a single barrier. There are many options for 2FA. Each method offers different levels of security and some methods are more popular than others. Can 2FA make sensitive accounts unhackable? Is it a waste of time? Let’s see.
SMS is not as safe as it seems
SMS-based 2FA is the most popular type. You receive a text message from your bank, social media account, or email provider with a code that you must enter within a specified time frame. This lets you into the account and protects your login from anyone who doesn’t have the code. It seems by far the most secure: to get around it, someone would have to steal your phone or invent some James Bond-esque method of cloning it. Wrong.
Vice reported last year that a hacker could hijack your number and reroute all your SMS messages for as low as $16. Your messages can also be reached by more or less sophisticated methods. An attacker can call your phone company, pretend to be you, and ask them to change your SIM card. An attacker can also go after the company directly and intercept your messages.
How do they get your personal information and your number? They could make shady deals to buy your personal information and records of your other online activities. They could also check your Facebook to see details such as your birth date, phone number, schools attended, and maiden name. While you may know exactly what information you have posted online, many people don’t.
It is at least possible to protect yourself against SIM-swapping attacks and to be alerted when they occur. If possible, you might consider switching to a different 2FA system.
Email-Based Two-Factor Authentication Could Be Pointless
Two-factor authentication adds a layer of security between your account and any potential threats. If you are lazy, though, you will only be adding another step to your login and possibly giving an internet criminal a good time. You could get in trouble if you are the type of person who uses the exact same password for all accounts and your email address is what protects the account being targeted. A hacker can use the same stolen information to log in to that email address and authenticate their own actions.
If you insist on email-based 2FA, you should create a separate email address for authentication purposes. It should be distinct from your other addresses and have a unique password that is difficult to crack. Or you can use another method that is more secure.
Push-Based 2FA Could Let You Down
Push-based authentication is quick, simple, and secure. Your account is linked to a device, and that device becomes your 2FA method. You will receive a push notification on that device whenever you sign in. You unlock your phone and confirm that it is you. Sounds perfect, right?
There is one catch: your device must be connected to the internet to receive push notifications. You won’t be able to access your account if your phone doesn’t have a signal. In the short time I have used it, this has not been an issue. I can log in from my phone’s WiFi if I have to. I will be more likely to go to a place where I cannot receive SMS than to log in to my phone and get a push notification.
Hardware-Based 2FA Takes a Lot of Effort
Physical authentication keys are the most secure and unhackable option. A key is basically a USB stick with security codes and protocols that you plug into the device you are logging into. You can keep it on your keychain so it is always with you, or in a safe that you only open when you have to log into a device that requires extra security. However, you can lose or break a physical key, just as you might have done with USB sticks.
You can also keep a long, complex authentication password written down. This kind of string of numbers and characters is popular for protecting cryptocurrency wallets. These passwords are so hard to crack that the FBI broke into a house to find a piece of paper with a 27-character passcode, which was much easier than trying to work it out. It is impossible to hack something written on paper and kept in a drawer. Supercomputers can take many years to process all the possible combinations in high-level encryption.
It doesn’t matter if it’s in your desk drawer; a 2FA USB key is just as easy to lose if you carry it around. If it is gone, you’ll have to either go through an account recovery procedure or lose access to your account. While the physical method offers the most security, it is also the least convenient. It can be used as a solid account recovery method but is best avoided for accounts you have to access quickly.
App-Based 2FA Is Worth the Work
There are a few advantages to downloading an app like Google Authenticator. It’s more secure than SMS and email authentication, and it works even if there is no internet access. A time-based algorithm generates different keys at different times. Each key can only be used for a specific period of time and must match the device and site being logged into.
There are still vulnerabilities with Google Authenticator. The app is not locked, so anyone can open it and use it. You should also consider other options like the Microsoft Authenticator app, which adds an additional layer of security to your authentication process with features such as biometric unlock. You are also susceptible to phishing attacks. This is where you enter the key into a fake site and give a hacker or bot access to it. Keys can also be intercepted.
2FA Should Be Used
Every method I’ve used has had flaws, and there will be more. The more security you have, the better. To protect your online accounts, you should use 2FA as well as other methods such as a password manager.
There’s a delicate balance between security, convenience, and privacy, so find the method that works best for you. Perhaps the hardware-based method is too complicated or you risk losing your data. SMS is not as secure as you might think, but cracking it still takes some effort. You’re unlikely to be targeted if you’re an average Joe. SMS authentication will greatly increase your online security.
Take a look at your life and decide how much effort you are willing to put in. Pick at least one 2FA method that isn’t email-based and ensure you have a unique password for each account.