Texting troubles with 2FA

Subject: General Tech | September 19, 2017 - 02:07 PM |
Tagged: security, sms, 2fa

Two factor authentication is the way to go when dealing with important information online, unfortunately the most common way of enabling 2FA has proven rather vulnerable.  With just your name, surname and phone number an unsavoury type could use a vulnerability on cellular networks to gain access to your accounts.  The example given over at Slashdot is of a Coinbase wallet with 2FA, registered with a Gmail address also protected by 2FA, which the security researchers easily took control of.  Take a look at the article for more details on the SS7 network vulnerabilities this attack exploits as well as better ways of making use of 2FA. 

If you do intend to continue to use SMS as part of your 2FA, at least consider disabling the feature on your phone which allows you to breifly read a text without unlocking your phone.

cell-tower-chemtrails-hendersonville-header11.jpg

"The report notes of several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"

Here is some more Tech News from around the web:

Tech Talk

 

Source: Slashdot