The need for security online has never been greater. As hackers become ever more sophisticated in their means of accessing personal information, the need to tighten up the security around our online lives grows. Two-factor authentication has become a popular method of thwarting attackers and creating peace of mind when dealing with data security.
One need only look at Ashley Madison, the adulterous dating site, to see that there are malign forces out there who just want to see the world burn. In the Ashley Madison case, setting the world on fire involved releasing identifiable information such as email addresses and account details of some 32 million users. Also see Yahoo, whose latest in a long string of hacks in February 2017 failed to even make top news.
Unfortunately, oftentimes the simplest of attacks works. The tactic of sending phishing emails to celebrities and politicians asking them to confirm their passwords is jaw-dropping in its simplicity. This happened to Clinton’s presidential campaign, and it also happened to female celebrities in the massive 2014 iCloud leak.
Two Factor Authentication
Two-factor authentication (2FA) is something that is ingrained in our everyday lives, but many don’t notice. 2FA is the need to have two points of identity verification before proceeding to confidential material. Whenever you buy anything in a shop, it is likely you use it. The chip and PIN system is probably the most ubiquitous and best-known form of 2FA. To proceed with a purchase or to look at confidential bank details, the buyer needs to be able to provide the physical card with a chip in it, as well as the four-digit PIN that has been committed to muscle memory after thousands of uses over the years.
The Need for 2FA
As shown by the hack of a presidential candidate – around whom you would expect security to be pretty tight – with such unsophisticated methods, we are all at risk. 2FA offers that next level of security without having to remember too much information or being hassled upon login.
2FA is practiced by many of the larger tech companies such as Google, Apple, Twitter, Facebook and Amazon. You’ll have noticed recently that Facebook is keen to get hold of your phone number. If there is a suspicious login attempt, Facebook can use your proximity and access to your mobile as a means of secondary identification. Gmail asks for a backup email or a mobile number to carry out exactly the same types of check.
Apple, quite possibly in response to the iCloud hack, has enabled 2FA on their cloud storage service. This means that whenever a login is attempted on an unknown device, a code is sent to a secondary iPhone or Mac in an attempt to guarantee the identity of the person trying to log in.
How safe is two factor authentication?
As many of the major tech companies move towards 2FA as a way of shoring up the defences against hackers, questions have been asked about how secure it actually is.
The secondary factor in online 2FA tends to be a mobile phone. This is a very physical and personal device that one would hope would be ultimately secure. But consider how many of these 2FA systems require a phone call to be answered or a text message to be received. Then consider how easy it is for you to transfer your mobile number to a new SIM when a phone is lost, stolen or broken.
This can be done with a quick call to your network. All the information necessary to carry this out is fairly readily and easily available in most database breaches, such as that which befell Ashley Madison. Then, with your number migrated to an attacker's phone, the 2FA system doesn’t look as strong as it once did.
Once your mobile number and email are compromised, your data is easily stolen. If you use your mobile number as a guarantee against forgotten passwords, it is then quite simple for a hacker to break into your email and, as such, run riot with all the sensitive information found within. That could take the form of bank statements, eBay or PayPal account information, or just simply confidential business and personal information.
So while the 2FA system seems fairly secure, it is impossible to effectively guard yourself entirely against a compromising attack. The first step in this is being particular about with whom you share personal information. At this point in time it would seem foolish to treat any data shared with Yahoo as secure.