Hackers are always looking for new ways to steal your money. They are increasingly turning their focus to smartphones and tablets. Gadgets are filled with users' personal information, along with links to social media accounts and, in many cases, links to financial accounts.
In an effort to fend off these devious scammers, stronger security features are regularly being developed. Now, the U.S. government says one of these security procedures is not safe and should not be used.
Two-factor authentication (2FA), aka two-step verification, is when the user needs two ways to prove they are who they say before logging into an account. The idea is that a hacker will have a harder time getting both forms of identification. Most major services and companies offer 2FA now.
The U.S. government's National Institute of Standards and Technology (NIST) warns that SMS text messages are not safe. These are codes sent by companies in the form of a text message to your phone. You need the code along with a password to access the site as a second form of identity verification.
Why SMS messages are not safe:
- The messages are possibly being sent through a Voice Over IP network instead of a mobile carrier. That makes the messages only as secure as the VoIP provider's system. Hackers could intercept the SMS codes or have them sent directly to their own phone if they get into the VoIP system.
- SMS messages are not associated with a phone but rather a SIM card that is maintained by either the VoIP provider or mobile carrier. If a hacker convinces a carrier that they lost their phone, the phone number can be linked to a new SIM card owned by the scammer. Security codes intended for the rightful user would end up being sent to the hacker.
There are other forms of 2FA that are safe to use. Some examples are time-based codes generated by hardware tokens or apps, and systems that send push notifications to your phone. Users should start using these other forms of 2FA immediately.
To better protect yourself from these types of attacks, we recommend having a security software solution that will shield you from digital dangers that lurk everywhere.