Two-step authentication is not as safe as it seems, and SMS is to blame

Ah, passwords! Impossible to live with, yet impossible to replace. They are the most widely used access control mechanism in the world, and their limitations seemed to have been mitigated by two-step authentication systems.

These systems add another layer of security by forcing us to complete the login on our phone, where we receive a PIN by SMS and then enter it into the corresponding service. The problem is that SMS is vulnerable, so two-step authentication should rely on something else. Google, as it happens, already does.

Google offers an alternative that others should copy

One of the problems with this kind of message is that social engineering works against it: recently a political activist who used that authentication system found that pro-Donald Trump messages were appearing on his Twitter account. The attacker, who already had the username and password, had impersonated the activist with his mobile operator and got it to redirect his calls and messages to another phone number.

Two-step authentication rests on a simple principle: combine "something only you know" (a password) with "something only you have" (your phone) or "something only you are" (your fingerprint, your iris). The problem is that SMS-based two-step authentication does not really deliver the second half of that equation: as we have just seen, SMS messages can be redirected, and they can also be intercepted.

Google, which already offered Authenticator for this purpose, solved part of the problem last week by launching Google Prompt, a system in which the verification is not sent by SMS but delivered from Google's servers directly to the device, which is considerably harder to intercept. There are other systems, such as the token generators some banks use, but Google's proposal seems especially interesting for the future: other services may end up adopting it or adapting the same idea.