FBI Warns of Hackers Bypassing Some Types of Two-Factor Authentication
Two-factor authentication is a security protocol that requires users to take an extra step whenever they log in. For example, you open your online banking app and enter your username and password, and then wait a few seconds for a text message or email that contains a six-digit code. You enter that one-time code into your banking app, and you are in.
Two-factor authentication provides an extra layer of security for your accounts, especially ones that contain sensitive data or financial access. It is a great way to keep criminals out of your accounts, especially if your personal information has been stolen in previous data breaches. With two-factor authentication in place, a hacker who managed to steal your login credentials cannot sit at their computer half a world away and get into your bank account because they do not have your phone in order to receive that code.
Unfortunately, hackers work very hard to stay one step ahead. There are a variety of ways that two-factor authentication has been cracked, sometimes with disastrous results. Hackers might steal access to the entire inner workings of your smartphone by going through your cellular provider, and therefore getting the login codes as well. Other hackers have created fake websites that look like the real thing, tricking you into entering both your login credentials and your code, although this one is a little more difficult. Hardest of all, though, are the criminal operations where hackers are actually waiting at the time of login; you type your username, password and unique code, and hackers were “watching” the site while you typed.
Fortunately for most consumers, the effort it takes to breach two-factor authentication is so involved that it is usually reserved for things like cryptocurrency trading websites and online marketing. That does not mean you are completely safe if you do not trade in Bitcoin or make money from YouTube advertising, but it means that you are less likely to draw that kind of effort.
The important takeaway is that even with the potential for being breached, you are still far more protected from everyday cybercriminals if you use two-factor authentication than if you do not. Think of it like the safety restraints in your car; yes, in extremely rare and unpredictable circumstances, there have been vehicular deaths associated with the use of a seat belt or an airbag. However, seatbelts and airbags save lives literally every day, so you would never disengage them on the off chance that they could cause harm.
The same is true of two-factor authentication. Enabling two-factor authentication on your accounts will not hurt you more than not having it, as hackers were trying to get into the account for some reason. Not having it in place, though, could invite lower-level hackers who do not need special tools and know-how to steal from you.
Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530.
You might also like…
One Simple Way to Not Get Your Twitch Account Hacked
How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.
