Its now well known that usernames and passwords arent enough to securely access online services.
As such, the implementation of two-factor authentication (2FA) has become a necessity.
Generally, 2FA aims to provide an additional layer of security to the relatively vulnerable username/password system.
Figures suggest users who enabled 2FA ended up blocking about99.9% of automated attacks.
But as with any good cybersecurity solution, attackers can quickly come up with ways to circumvent it.
They can bypass 2FA through the one-time codes sent as an SMS to a users smartphone.
So whats the problem with SMS?
Major vendors such asMicrosofthave urged users to abandon 2FA solutions that leverage SMS and voice calls.
For example,SIM swappinghas been demonstrated as a way to circumvent 2FA.
This facilitates communication between the victim and a service being impersonated.
In addition to these existing vulnerabilities, our team has found additional vulnerabilities in SMS-based 2FA.
Using apassword manageris an effective way to make your first line of authentication your username/password login more secure.
More importantly, this attack doesnt need high-end technical capabilities.
[Read:Will physical banking become obsolete?]
Whats the alternative?
To remain protected online, you should check whether your initial line of defense is secure.
First, check your password to see if its compromised.
There are a number ofsecurity programsthat will let you do this.
And check that youre using a well-crafted password.
it’s possible for you to instead use app-based one-time codes, such as through Google Authenticator.
However, this approach can also be compromised by hackers using somesophisticated malware.
A better alternative would be to use dedicated hardware devices such asYubiKey.
