In the early years of my Cybersecurity journey, I published a paper on the need for two-factor authentication based on a conceptual framework. More than ever, my practical experience in the field raises serious concerns about the inherent insecure state of single-factor authentication (regardless of how strong your passwords are). In this short and sweet article, I explain the need for a dynamic two-factor authenticator system like Google authenticator for effective access control. Enjoy reading!
Two-factor authentication (2FA)ensures that your accounts are safe even when a malicious hacker gets hold of your primary login credentials (e.g. username/email and password).
2FA can be implemented through the following ways;
- Sending code to your mobile phone via SMS
- Using an authenticator app on your phone that dynamically generates time-based codes.
Recently, it was reported that Facebook sold phone numbers of its users to advertisers which were obtained when SMS-based 2FA was enabled on their accounts. Let me make it clear, SMS-based 2FA is highly risky because phone numbers can be hijacked by malicious users. So do not use SMS for 2FA authentication on any online account whatsoever.
There has been a huge debate amongst security experts regarding the insecure nature of SMS. Malicious hackers can easily intercept codes sent to your phone number and access accounts when they also have the credentials.
To migrate the vulnerability of single-factor authentication as well as SMS-based based 2FA, I highly recommend using an authentication app.
One of the best authentication apps is Google Authenticator; because the app is installed on your phone, the potential hijack of your phone number would limit your risk exposure.
To install Google Authenticator, follow the steps outlined in the link below and don’t forget to share this article with your friends/followers.