Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Not All Two-Factor Authentication (2FA) Methods are Created Equal

March 10, 2020

We really need to stop helping the bad guys hack our data. Using strong passwords and not reusing the same password across multiple sites are a good first step. In addition, we should be implementing two-factor authentication (2FA) whenever we can. 2FA is usually implemented by sending an SMS text message code or displaying a code in an authentication app. As far as security goes, SMS text messages can be hijacked via a process known as SIM swapping. As an example, CNET reported that Twitter's CEO had his account hijacked after a hacker bribed an employee of the carrier to switch the SIM card associated with his phone number.

A better solution is to use an authentication app. However, a recent post by Lifehacker suggests that you should hold off on using the authenticator app from Google or Microsoft for now. The problem is that neither app uses the FLAG_SECURE setting in Android. The setting prevents screenshots from being taken by other apps and even by the phone's user. It is expected that Google and Microsoft will fix the screenshot problem with a future update, but for now Authy is a better choice for an authentication app.

Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com