What Is Two-Factor Authentication ?
Two-Factor Authentication adds another layer of security to your accounts through the use of a secondary token or pin that changes every minute or so. Two-Factor Authentication (also known as 2FA) provides an efficient layer that hackers will have a hard time to get around.
How To Setup 2FA?
2FA can be setup in different ways, all of them are secure, but some are preferable than others.
Here are the most common ways to setup 2FA:
1) Authenticator Apps
Authentication apps use a private key that the site provides to grant you a Time-Based One Time Password (TOTP) that changes every 30 seconds. Private key is provided after scanning the barcode that the site instructs you to scan.
The TOTP is stored locally on your mobile phone, which makes it more secure and accessible, weather your phone is connected to the internet or not.
2) SIM Authentication
Sites that use SIM Authentication will prompt you to enter a phone number, afterwards. Every time you would like to sign-in they will send you a one-time code to enter as a secondary layer of security.
SIM Authentication is a secure way, but it is more vulnerable than the other methods, yet it is better than not having a 2FA at all.
3) Security Keys
Red Flags And Possible Attacks
The attack vector for 2FA is very slim, that is why it is a must use for anyone that values security. The weakest link will be your SIM card. Many attacks over the years have been developed over the Cellular Network. They all mostly use Social Engineering to gain access to your information.
Social Engineering is the practice of manipulating humans to gain unauthorized access to information. Kevin Mitnick, the world’s most talented hacker. Wrote a book about Social Engineering, it describes it in full details and shows how easy it is to exploit humans.
If you are interested , we recommend reading it , very interesting story. (click here)
SIM Swapping is a way hackers can manipulate your cellular network provider to forward all incoming calls and messages to a number of choices.
The Hackers will have to have enough information to be able to answer your security questions and most of your personal data to be able to setup the malicious action. Gathering data about a person that does not follow security guidelines will be easy so make sure you keep your information secure.
Here are some of what the hacker can do if they successfully performed this attack on you:
- Identity Theft
- Read all your messages, receive all your calls.
- Access your banks and preform money transfers.
- Access to all your personal information and accounts.