Why Two-Step Verification May Be Putting You At Risk

For some of your most personal, most important data, you may have two-step verification attached to gain access to the information.

That might not be the safest way.

Two-step verification was designed to add a layer of security to your online accounts. You may have them attached to Amazon, Apple, a bank or financial account, even Facebook or Twitter. Instead of entering only a password to gain access to the account, you need to enter your password - the first step of verification - and then a code sent via SMS - the second step of verification. This means a hacker would need to steal both your password and your phone to break into the account.

Turns out that’s not as difficult to do as it seems.

Hackers have been able to trick carriers into switching phone numbers to new devices and completely taking over your data. Because carriers have been lax in their security, in some cases it’s as easy as knowing your phone number and the last four digits of your social security number. That data is easily picked up by hacking into your accounts, or by purchasing leaked data from banks or large corporations. (Something that’s occurring on an ever-increasing basis.)

Once a hacker has redirected your phone number, they no longer need your phone to gain access to your two-step verification codes.

Then there’s the risk of mobile technology itself. A hacker can easily spy via your phone system, listening in to calls or intercepting messages at will.

So what should you be using instead? An authentication app such as Google Authenticator. The main difference - and advantage - is authenticator programs don’t rely on your carrier, instead, codes stay with the app even if a hacker manages to move your number to a new phone. And the codes quickly expire, after 30 to 60 seconds for further security.

In addition, the process is even quicker because you don’t have to stop and enter a six digit code. Instead, you simply tap a button to verify your identity.

Yes, two-step verification may be a hassle. But we would argue that the hassle pales in comparison to what would happen if you are hacked. Save yourself the pain and frustration, and add a little more security to the data most important to you.

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.