Two-factor authentication (2FA) has been lauded as the way forward for securing online services by utilising mobile security to provide access to services by making life significantly more difficult for hackers. However, it is still possible for hackers to find loopholes in the security systems and exploit them for their own ends.
In this article we look at the weaknesses posed by two factor authentication systems and how the use of additional services can provide greater levels of security. But first, we need to understand how the different versions of 2FA work and therefore what their weaknesses are.
How does two-factor authentication work?
Two-factor authentication works by making use of your passwords along with a code sent to you by either a text message or one that has been generated by an app. Whilst we are about to highlight some of the inherent problems with 2FA, it is still worth noting that it does provide an extra layer of security for your service access and communications, so it is not to be knocked completely.
The problem with SMS 2FA
The SMS text message is one of the most widely used versions of the two-factor authentication process. By having a code sent to your phone via text it is quick and easy to use, making it a popular choice with both companies and users alike. However, it is not without its problems.
Hackers have been known to target phones for a “SIM Swap”, whereby they call the carrier and pretend to be the smartphone owner claiming that the phone has been lost or stolen. They then ask for a new SIM to be sent with the same number and therefore they will receive all 2FA codes sent to that phone.
Third party authentication apps
Authenticator app codes (often referred to as time-based one-time password), are generally considered to be a more secure method of two-factor authentication than the text message option. The code is generated on the handset itself, it can therefore not be intercepted.
However, despite this being a more secure option, it has been noted that hackers have still managed to devise a method of access. This involves the user being sent malware which they may inadvertently install, this then copies the codes and sends them to the hacker.
Biometrics are becoming a more popular method of gaining access to technology such as smartphones, due to their uniqueness to the individual and the sheer ease of use. Be it a fingerprint, facial recognition, retina scan or voice command, it would seem a very difficult form of security to fake.
However, hackers have even found a way to attack this assumed secure method. They have found that they can hack the third-party servers that store the data or the software that is used to process biometrics.
How does the Blackphone PRIVY add to the security provided by two-factor authentication?
It can be seen that one of the weaknesses of the two-factor authentication process is the handset itself. Hackers are well versed in gaining access to a handset’s software with various tricks, hacks and malware in their toolkit.
For businesses and individuals looking to secure their mobile communications by providing an additional level of security, the Blackphone PRIVY provides the extra features they need. Either as a singular phone or as a business smartphone fleet deployment, the Blackphone PRIVY has it covered.
It is important to understand that the Blackphone PRIVY does not operate with a normal network provider-based SIM card. It comes with its own secure and unlimited, multi-roaming, data-only SIM card, similar to our BlackSIM. This SIM has near worldwide coverage, connecting to all major networks and preferring the strongest connection at the time/location.
If you would like to find out how we can help integrate the extra level of security for you, please give one of our team a call.