Two-factor authentication (2FA) was supposed to be the long-overdue password upgrade. To some extent it met expectations, as the extra layer of protection is used to this day to secure many businesses and online government accounts. However, its effectiveness varies. It certainly still offers protection that goes beyond just a username and password, but it has its faults. Two-factor authentication continues to be highly effective in fending off automated attacks. Still, it sadly isn't a cure-all, as hackers have proven on multiple occasions that they can bypass the layer of security offered by 2FA, especially if the 2FA is in the form of an SMS text message.
Fraudsters can easily commit crimes when they get their hands on sensitive information from data leaks and breaches. And those happen way too often, with the most recent high-profile hack being the attack on T-Mobile that exposed personal details, including SSNs and driver's license numbers, of more than 50 million Americans.
With billions of data points on sale on the dark web, and sometimes even available for free on torrent websites, criminals can easily bypass 2FA using SIM swapping techniques or weak passwords.
When a user calls a cellular carrier, operators most of the time ask the caller to confirm their identity by providing the last four digits of their SSN or a passcode – both were among the many personal details stolen from T-Mobile last month. While passcodes and passwords can easily be changed, an SSN sticks with a person for life, and the chances of your SSN being among the stolen info in one of the data breaches over the years are very high. So if bypassing 2FA through SIM swapping was relatively easy for hackers in the past, now it likely does not even require fraudsters to be tech-savvy – they can just call in and commit a crime.
What can you do?
Apart from maintaining good password hygiene, you may rethink SMS usage as a form of 2FA. In addition, you may want to consider adopting multi-factor authentication options wherever possible – the more layers of protection you have, the better.
Government agencies and private companies of all sizes continue to take advantage of the two-factor verification process. However, relying solely on two-factor authentication isn't enough if you genuinely care about your cyber protection and privacy. Any layer of security is better than not having a layer at all, so seize the opportunity every time you have the option for 2FA. In addition, having high-end anti-virus software installed on all your connected devices adds even more layers of security. It not only protects in real time but sometimes comes bundled with perks such as a password manager and a VPN solution that help users gain better control over their digital life.