Stuff

    Subscribe to our newsletter

    What's Hot

    Dyson’s future plans for a household robot will probably secure at least a few fans

    May 26, 2022

    A new Google Docs feature will let you save time for things that really matter, like procrastination

    May 26, 2022
    Rock Stacking

    Stressed? Go and play this free rock-stacking simulator for a while

    May 26, 2022
    Facebook Twitter Instagram YouTube SoundCloud
    Trending
    • Dyson’s future plans for a household robot will probably secure at least a few fans
    • A new Google Docs feature will let you save time for things that really matter, like procrastination
    • Stressed? Go and play this free rock-stacking simulator for a while
    • City of Joburg intends to spend more than R316 million to make Johannesburg smarter
    • Tech firms are making computer chips with human cells – is it ethical?
    • The SteelSeries Arctis Nova Pro is the company’s latest flagship gaming headset
    • It’s official – Call of Duty: Modern Warfare 2 is 2022’s Call of Duty
    • How to apply to be a sim racer for R10,000 a month
    Facebook Twitter Instagram YouTube
    Stuff Stuff
    • News
      • App News
      • Business News
      • Camera News
      • Gaming News
      • Headphone News
      • Industry News
      • Internet News
      • Laptops News
      • Motoring News
      • Other Tech News
      • Phone News
      • Tablet News
      • Technology News
      • TV News
      • Wearables News
    • Reviews
      • Camera Reviews
      • Featured Reviews
      • Game Reviews
      • Headphone Reviews
      • Laptop Reviews
      • Other Tech Reviews
      • Phone Reviews
      • Tablet Reviews
      • Wearables Reviews
    • Columns
    • Stuff Guides
    • Podcasts & Videos
      • Videos
      • Stuffed
      • Stuffing Around
      • Tech Byte
      • T2S2
    • Win
    • Subscribe
      • Print
      • Digital
        • Google Play
        • iTunes
        • Download
        • Zinio
    • Stuff Shop
      • Shop Now
      • My Account
      • Downloads
    • Contact Us
      • Get In Touch
      • Advertise
    0 Shopping Cart
    Stuff
    Home » News » App News » Can you still be hacked with 2FA enabled? Here’s what you need to know
    App News

    Can you still be hacked with 2FA enabled? Here’s what you need to know

    The ConversationBy The ConversationSeptember 4, 2020Updated:October 1, 2021No Comments5 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Cybersecurity is like a game of whack-a-mole. As soon as the good guys put a stop to one type of attack, another pops up.

    Usernames and passwords were once good enough to keep an account secure. But before long, cybercriminals figured out how to get around this.

    Often they’ll use “brute force attacks”, bombarding a user’s account with various password and login combinations in a bid to guess the correct one.

    To deal with such attacks, a second layer of security was added in an approach known as two-factor authentication, or 2FA. It’s widespread now, but does 2FA also leave room for loopholes cybercriminals can exploit?

    2FA via text message

    There are various types of 2FA. The most common method is to be sent a single-use code as an SMS message to your phone, which you then enter following a prompt from the website or service you’re trying to access.

    Most of us are familiar with this method as it’s favoured by major social media platforms. However, while it may seem safe enough, it isn’t necessarily.

    Hackers have been known to trick mobile phone carriers into transferring a victim’s phone number to their own phone.

    Pretending to be the intended victim, the hacker contacts the carrier with a story about losing their phone, requesting a new SIM with the victim’s number to be sent to them. Any authentication code sent to that number then goes directly to the hacker, granting them access to the victim’s accounts.
    This method is called SIM swapping. It’s probably the easiest of several types of scams that can circumvent 2FA.

    And while carriers’ verification processes for SIM requests are improving, a competent trickster can talk their way around them.

    Authenticator apps

    The authenticator method is more secure than 2FA via text message. It works on a principle known as TOTP, or “time-based one-time password”.

    TOTP is more secure than SMS because a code is generated on your device rather than being sent across the network, where it might be intercepted.

    The authenticator method uses apps such as Google Authenticator, LastPass, 1Password, Microsoft Authenticator, Authy and Yubico.

    However, while it’s safer than 2FA via SMS, there have been reports of hackers stealing authentication codes from Android smartphones. They do this by tricking the user into installing malware (software designed to cause harm) that copies and sends the codes to the hacker.

    The Android operating system is easier to hack than the iPhone iOS. Apple’s iOS is proprietary, while Android is open-source, making it easier to install malware on.

    2FA using details unique to you

    Biometric methods are another form of 2FA. These include fingerprint login, face recognition, retinal or iris scans, and voice recognition. Biometric identification is becoming popular for its ease of use.

    Most smartphones today can be unlocked by placing a finger on the scanner or letting the camera scan your face – much quicker than entering a password or passcode.

    However, biometric data can be hacked, too, either from the servers where they are stored or from the software that processes the data.

    One case in point is last year’s Biostar 2 data breach in which nearly 28 million biometric records were hacked. BioStar 2 is a security system that uses facial recognition and fingerprinting technology to help organisations secure access to buildings.

    There can also be false negatives and false positives in biometric recognition. Dirt on the fingerprint reader or on the person’s finger can lead to false negatives. Also, faces can sometimes be similar enough to fool facial recognition systems.

    Another type of 2FA comes in the form of personal security questions such as “what city did your parents meet in?” or “what was your first pet’s name?”

    Only the most determined and resourceful hacker will be able to find answers to these questions. It’s unlikely, but still possible, especially as more of us adopt public online profiles.

    Often when we share our lives on the internet, we fail to consider what kinds of people may be watching. Shutterstock

    2FA remains best practice

    Despite all of the above, the biggest vulnerability to being hacked is still the human factor. Successful hackers have a bewildering array of psychological tricks in their arsenal.

    A cyber attack could come as a polite request, a scary warning, a message ostensibly from a friend or colleague, or an intriguing “clickbait” link in an email.

    The best way to protect yourself from hackers is to develop a healthy amount of scepticism. If you carefully check websites and links before clicking through and also use 2FA, the chances of being hacked become vanishingly small.

    The bottom line is that 2FA is effective at keeping your accounts safe. However, try to avoid the less secure SMS method when given the option.

    Just as burglars in the real world focus on houses with poor security, hackers on the internet look for weaknesses.

    And while any security measure can be overcome with enough effort, a hacker won’t make that investment unless they stand to gain something of greater value.

    • David Tuffley is Senior Lecturer in Applied Ethics & CyberSecurity, Griffith University
    • This article first appeared on The Conversation

    2FA featured hack hacking internet The Conversation two-factor authentication
    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    The Conversation

      Related Posts

      Dyson’s future plans for a household robot will probably secure at least a few fans

      May 26, 2022

      A new Google Docs feature will let you save time for things that really matter, like procrastination

      May 26, 2022
      Rock Stacking

      Stressed? Go and play this free rock-stacking simulator for a while

      May 26, 2022

      Leave A Reply Cancel Reply

      In The Mag
      Stuff April-May 2022 Latest Issue

      In This Issue – The Smart Home (April-May 2022) Issue

      By Brett VenterApril 4, 20220

      It’s time for a brand-new issue of your favourite tech publication. The April-May- 2022 edition…

      2021 Wish List
      wish list Stuff Wish List 2021

      Stuff Wish List: for the tech impaired

      By Duncan PikeDecember 22, 20210

      Are you from the time before being glued to a smartphone was considered normal? Here’s…

      Wishlist DIY Stuff tech

      Stuff Wish List: for the DIY Diehard

      December 21, 2021
      Wish List Gearhead

      Stuff Wish List: For the petrol-soaked gearhead

      December 20, 2021
      outsiders

      Stuff Wish List: for the Outsiders

      December 17, 2021

      Latest Video

      Sonos

      SONOS Roam SL unboxing by Toby Shapshak

      March 30, 2022
      Mini Cooper

      The Mini Cooper SE Electric with Toby Shapshak

      March 18, 2022
      MSI Crosshair 15 Rainbox Six Extraction Edition unboxing

      MSI Crosshair 15 Rainbox Six Extraction Edition unboxing

      March 16, 2022
      Samsung Galaxy S22 Ultra Unboxing

      Samsung Galaxy S22 Ultra unboxing with Toby Shapshak

      March 16, 2022
      Contact

      South Africa's Consumer Tech News Hub

      General: [email protected]
      Subscriptions: [email protected] or 087 353 1291
      Editorial: 072 735 2614
      Sales: 083 375 2418

      Facebook Twitter Instagram YouTube SoundCloud

      Subscribe to Updates

      • Terms and Conditions
      • Privacy & POPI
      • My account
      © 2022 Stuff Group. Designed by Chronon.

      Type above and press Enter to search. Press Esc to cancel.