Texting troubles with 2FA

Subject: General Tech | September 19, 2017 - 02:07 PM
Tagged: security, sms, 2fa

Two-factor authentication is the way to go when dealing with important information online; unfortunately, the most common way of enabling 2FA has proven rather vulnerable. With just your name, surname and phone number, an unsavoury type could use a vulnerability on cellular networks to gain access to your accounts. The example given over at Slashdot is of a Coinbase wallet with 2FA, registered with a Gmail address also protected by 2FA, which the security researchers easily took control of. Take a look at the article for more details on the SS7 network vulnerabilities this attack exploits, as well as better ways of making use of 2FA.

If you do intend to continue to use SMS as part of your 2FA, at least consider disabling the feature on your phone which allows you to briefly read a text without unlocking your phone.

"The report notes of several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"

Source: Slashdot

September 19, 2017 | 06:43 PM - Posted by quest4glory

This is good advice, and I believe Linus Sebastian was hacked in this way a year or two ago.
