SMS-based Two Factor Authentication is Insecure, What to Do to Secure Online Accounts?

 SMS-based Two Factor Authentication is Insecure, What to Do to Secure Online Accounts?


In today's digital age, 'Two-Factor Authentication' (2FA) has become a must for securing online accounts. But the most popular and convenient medium used for this is SMS, which has proven to be the most insecure.


SMS-based Two Factor Authentication (2FA) has serious security flaws, which are putting user accounts at risk. The biggest technical weakness of SMS is its outdated communication system. SMS uses a protocol called 'Signaling System No. 7' (SS7), which was developed in the 1970s and 80s.



This system was created at a time when only a limited number of people had access to it and all users were considered trustworthy. It lacks 'cryptographic authentication', which means that the system cannot distinguish whether a message comes from a legitimate source or not. This makes it easy for hackers to intercept, listen to, or modify messages.


Since SMS messages are sent in ‘plain text’, they do not have the ‘end-to-end encryption’ that modern apps have. Hackers can access not only the content of the message but also metadata such as the user’s phone number, location and device information.


Apart from technology, human error and ‘SIM swapping’ have also become another major threat. Hackers can use various pretexts to trick the telecom provider into transferring the user’s phone number to a SIM card they own. According to a report by TransUnion, about 27 percent of telecom executives have identified SIM swapping as the biggest emerging threat.


Apart from security, SMS has also been seen as a problem with reliability. Many users have experienced problems with SMS codes arriving late or not at all when logging into services like Daraz or Google. This has made it difficult for users to access their accounts.


As a safer alternative, you can use authenticator apps. Apps like Google Authenticator, Microsoft Authenticator, or Authy generate a new code every 30 seconds. Since these codes are generated locally on the device, there is no risk of being stolen from the network.


Passkeys have emerged as another secure option. This is a digital credential that remains secure on the user’s device and cannot be opened without biometric security (fingerprint or facial recognition).


In addition, security keys are now popular in developed markets around the world. Physical USB keys like the YubiKey cannot be used to log in without physically connecting them to the device.


In this way, SMS only gives users a false sense of security. Instead of relying on old and insecure technology, it is wise to adopt modern security measures. However, users are complaining that some banks and financial institutions still do not provide 2FA options other than SMS.

Comments

Post a Comment

If you have any doubts. Please let me know.

Popular posts from this blog

Artificial intelligence (AI) - the ability of a digital computer.

Image
Artificial intelligence Artificial intelligence (AI), the ability of a digital computer or computer-controlled robot to perform tasks typically related to an intelligent person. The term is often applied to projects of developing systems. The characteristics of intellectual processes are human characteristics, such as the ability to reason, invent, generalize, or learn from past experience. Since the development of the digital computer, it has been demonstrated that computers can be programmed to perform very complex tasks - for example, finding evidence for mathematical theorems or playing chess - with extreme efficiency. Yet, despite the steady advancement of computer processing speed and memory capacity, there are still no programs that match human flexibility in the tasks required for broad domains or more daily knowledge. On the other hand, some programs have achieved performance levels of human specialists and professionals to perform specific tasks, so that in this limited sense...
Read more

What is SEO and how to do search engine optimization?

Image
What is SEO and how to do search engine optimization? What is SEO and why is it important for a blog? The simple answer is SEO is the life of blogging. Because if you want to write any good article, if your article is not ranked properly, then the chances of getting traffic in it are negligible. In such a situation, all the hard work of the writers goes into the water.
Read more

Facebook's name has been changed to 'rebranding'

Image
Facebook's name has been changed to 'rebranding' Facebook, which has been tarnished by misinformation and frequent user data leaks, has changed its corporate name. On Thursday, 17 years after its inception, Facebook announced its decision to change its corporate name to 'Meta'.
Read more

Labels

AI Tech the to Technology is how in Google Artificial Intelligence
of Social media Facebook a What and are on you This phone mobile Do Android IT your internet Nepal smartphone workforce for use app can from media iPhone robot be with social will Machine Learning new not Python that these why Apple YouTube account company computer data does like password feature twitter Instagram Whatsapp by digital or ChatGPT Tiktok machine an information China Future Now free has online out people search work If Know US find make video videos way website without India Laptop ML One apps battery corona features public year Avoid Elon Musk Here Intelligence Microsoft billion cyber market may million photos protect service user users which Have Windows about chrome education history home money need photo update want Bitcoin Content Did Machine Learning Future Nepali Operators Scientists Things Wi-Fi artificial browser code don't down download hacker hacking network phones safe security smart system take tips world 10 Amazon Artificial Intelligence Future Buy Cryptocurrency Gmail Learning SEE TV being human malware many mind netflix software study there two used when 15 7 Beginners Deep Learning Keep NASA Privacy Who after also at business camera career change chat cloud digital marketing easy going hacked its jobs life look marketing millions number sent settings store such version virus work force 5 Agriculture Bug Deep Earth GPS Google Maps Kaggle Messages More RAM Risk Some Than Top Types Ways Windows 11 World Cup Xiaomi address all as attack available been brain buying dangerous difference drive earn email first hackers hidden image including job language message meta mode monetization most news old open passwords pay price really search engine smartphones storage story their using watch where windows 10 working 14 2020 2022 4 6 Cambridge Dark Web Development GB GPT Gemini Global Health-care Here's Lite Maps Oppo Pakistan PayPal Print Pro QR Reasons SEO SMS Samsung So Telegram TensorFlow Thinking Tutorial Type Vision WiFi Word Zoom accounts advertising any bank become best better biggest blue chip comments computers countries country created cyber attacks doing electricity engine eyes fake files football function game games get go government hours install launch launched lost medical misused monitor moon name once percent play private problem problems processing program quantum quickly robots saying scan science secure send share signal space stay them they thousands time topics tricks up useful viral voice was water we web while wireless workers 000 17 2024 5G AI Education Alan Musk America Analytica Applications Army Assistant Banned Based Because Before Blockchain Bounty CCTV COVID-19 Chat GPT Choose Clean Close Clubhouse Computer Vision Crypto DL DNS Deepfake Developer Docs EV Electric Even Everyone Explain Factory Finally Google chrome Google drive Healthcare Help I IBM Includes Japan Keras Kernels Large Lifestyle Looking MDMS Mac Models Music Musk Must Natural Ncell Nepal's Net Notebooks Operating PC Police Preparing Prime Revolution Russia SIM Save Scikit-Learn Skills SpaceX Stephen Hawking Sun Tesla Theme Therefore Unnecessary VPN Variables Visas WorldLink ability ads age airplane along authentication aware background bandwidth becoming beneficial between blocked break bring browsing bully cable call cameras cannot captions capture care cause charge charger charging chatbots check come coming companies complete consumption control copyright corona-virus could courses create crimes currency cyber security dataset datasets days delete deleted deleting details developed device different dislike doctor documents domain due during dynamic easier easily emails employees energy engineer engineering ethics exactly excessive expected factor facts forever forget found fraud full gadgets getting given glasses good got guest hand handle heater his humans iOS iOS 26 iPhone 14 iPhones impact important incognito increase industry insecure invest keyboard known law learn list listen live location main manager map meaning megapixel memory messenger model month months movies much nonsense nuclear opening original our over own phishing physics porn post posts prevent product production programming protection ready real-world reduce rejected released remove report reward robotics room run safety same saving say says scandal screen searched selfie should show site sold someone source speaking special speed spyware stuck students subscription systems target techology television tick today torrent traffic trick trillion universe upload various verification war weakest women worldwide years young "Nano Banana" $100 & 'Buy the Dip' 'HDR' 'Hey Google' 'Hey Siri' 'I' 'Mr. Beast' 'Professional Mode' 'football intelligence' 'hidden' 'refill station' (IoT) (LLM) (NLP) 1 100 10:10 10th 11 12 145 16 19 2 200 2007 25 30 35 3D 40 4000 48 4K 5 P's 60 7 C's 8 @everyone on A17 AI Tool AI ethics AI-Based AI-powered API AR Adjust Adobe Adopt Adsense Adsense Supports Africa Alexa Ali Baba Altman Amazon Jungle Amazon Prime Ambani American Anaconda Android 11 Android TV Android phone Annoyed Apply Appoints Arithmetic Art Art through NFTs Artficial Intelligence Artificial neural Artuficial Intellegence Ashika Tamang Assignment Astronauts Astronomy Atrificial Inteligence Attacks Audiobooks Augmented Reality Australia Auto-GPT AutoML Avatar 2 Bachelors Banning Bard AI Bernie Sanders Beyond Big data BigQuery Bill Gates Bitwise Blind Blockchain Developer Blockchain Technology Books Brave Brave Browser Brazil Browser's Bumble C charger CEO CPU CPU temperature CTEVT CV Cases Casting Changed ChatGBT Chery Chinese Citroën C5 Cloud Factory Cloud Factory Nepal Club House Colab Command Comparison Compute Concatenate Concerns Contactless Contactless payment system Copa America Copilot Couple Challenge Crash test Create your first Project on Python Crossover Cup Cybersecurity DRS Gaming Dark mode Datalab Dating Deep Fake Deep Learinig Deep Learning with Python Deep Neural Networks Defender Demat Dept Development in predictive analytics Didn't Digital avatars Disable Discontinuing Discovers Do not Dodge Dogecoin DuckDuckGo E-task EA ETF EU Earbuds Earth 2 Earthquake Economic Edge Computing El Salvador Elected Electric Vehicles Electrical Eliminate Elon Embassy Embedded Application Embedded Application (EA) Emoji Epstein Epstein’s Estimators Ethical Hacking Euro NCAP European Evolve Explained Explosion Express WiFi FPS Facebook Messenger Facebook's Facets Fears Federal Reserve System Finance Finding Firefox FiveG Fixed wireless Follow Forge Fraud Call Freefire Freelancing GIF Gadget Gboard Git Glass Gold Google Chat Google Cloud Google Meet Google Play Music Google Plus Google Plus code Google Workspace Google search Google's Green room Greenroom. Spotify Guest Mode HDMI Habitable Happy Birthday Health sector Heights Holi Honest Honeygain Huawei Hyundai ID IMD IP ISP Identify Implementing Increasing Indonesia Inflation InfoSec Input Inspiration Installation Integrated circuit Intel Intelligent Internet of Things (IoT) Introduction Iranian Island Isn't JBL JPG JPMorgan Chase & Co Jack Ma James January JavaScript Jeffrey Jio Joker Virus Jungle Jupyter Jupyter Notebooks Keys Korean LAN LLM LP Large Language Models Launch of better autonomous systems Lee Kun-hee Library Liking Line Linux Liquid Logical Lucky MDMS Nepal ML Engine MSN MaAfee Mark Zuckerberg Max Meet Membership Mero Share Metaverse Microsoft Office Microsoft Teams Military Military weapons Minister Mobile Operating System Module Mouse Mukesh Ambani NASA's NEA NFT NFTs Natural language processing (NLP) Nepal. radio mapping Nepali businesses Nepali game Nepali youth Nepalis NetTV Neural Network Neural Networks New Technology No Nokia North Korea Note Nvidia Object Detection Open-source OpenAI Opera PDF PNG PPT PUBG Pandas Pandora Paytm Pendrive Photoshoot Pi Network Pip Plan Planets Play Store Pokémon Pokémon Go Premium Preparations Prerequisite Pro's Process Process discovery Pycharm Pyenv Python Programming Python Tutorial Python Tutorials Python for Beginners Python on Windows Quick Draw RCS Race Radically Ransomware Rashtra Bank Reboot Recommender Recommender Systems Redmi Reinforcement Reinforcement learning Reliable Reliance Reliance Jio Remittances Remotely Remove. bg Replacing Reverse Rice that grows for years once planted Rises Robot Sophia Roles Ronaldo Routine of Nepal Banda S&P 500 S&P Global Ratings SD Scale Scaling Scikit Screen Pinning Selection Sensors Seven Shorts Singapore Sitting SixG Snapchat Sophia South Korea Space X Spam Stable Coin Starlink Steve Jobs Stock market String Success Sundar Pichai Supermarket Supervised Supervised Learning Supervised Machine Learning Supply Chain Attack Supports Swift TIFF Teenagers Telecom Telescope TensorBoard TensorFLow Hub Thes Tiktok stop Time Travel Tool Training Data Transforming Translation Trojan Truecaller Trump Trusting Try Type-C Typing US Congress USA USB Understand United States Unsupervised Unsupervised Learning Unsupervised LearningUnsupervised Machine Learning Unsupervised Machine Learning Upcoming Upcoming Technology Urges Using a drone VPNs VR Vehicles Virtual reality Virtualenv Visualize WWW Wait Walkthrough Walmart WeChat Webb Wha What are Assignment Operators in Python What are Comparison Operators in Python What are Logical Operators in Python What are Operators in Python What are the basic laws of quantum physics What is What is Chat GPT What is Google Adsense What is Pycharm What is Python What is String in Python What is Variable in Python Whose Wi-Fi 6 Wikipedia WordPress Wrangling data Write X X8 series XAI XOR XSS YouTuber Ziglar Zipty Zuckerberg action admin advantage advertisers again against agency agricultural ai beauty aims air aircraft aired alert algorithm almost alpha alternative among analytics ancient and security angles announcement announces another answer answering antivirus anyone anything appear appearance appliances application approach approaching approaching science meaning apps. google arise arrived article artificial blood vessels arts associated attention attractions audience authentic automatic automatically autonomous avatars baby back backed bad ban bans bar basic batteries beginner benefit benefits beta bitcoin mine bitcoins black block boarding bogged book bought box brand brings broadband brought bug bounty build but buttons bypass cable internet cables calculus calls campaign can't cancer car cards careeer careful carry case cave center challenge channel chat.com cheap cheaper checkmarks chess child children choose. a class click clicking climbers clock closest club coding colleges color combat common communicate compensates compete competing completely computer mouse computer science concept connect cons consider consumes contains controls controversies credit crime crisis criteria crore crores crowdsourcing culture cyberattack cyberspace cycle d about damaged danger dark data center data science dating apps day debit dedicated delete data deny depression destination devices diary die digit digital banking digital cameras digital land digital privacy disappeared disappearing discovered discovery displaced display displays disrupt disturbing document dog dollars doodle door downloads drains dream drone drug trafficking e features e-Rupee e-books e-passport e-sewa eBooks ePassport each earn money from Nepal eating economy edit editing effective electronic eligible else email server emerged emergency emojis employee end enough entering entire espionage etflix except excuse existence expire extend extracts eye face app facial verification failed false family far farm fax fdown.net fee feet fiber fight file film final five flying foldable food fooled footprint forced foreigners forensics forgotten form formats forwarding foundation free upgrade frequency freshman from search fruit fuel game tips gamer gas gasoline geometry gestures gets gives goes good content goodbye goods google docs gossip granted great groups growing hack had hall handy happen happy harmful he head headphones headset health hear higher hobby human brain human intelligence human trafficking hundreds hurting hydrogen hype iCloud iPhone 12 Pro illegal data illicit trade image processing processor images impair improvements inbox incidents income increased incur instant instrument interest interesting interests internal storage internet speed into intranet introduced invented invention investigating investment invites it's it’s jack join journalists journey kit laboratory lakh languages last later latest launches launching lawmakers laws leak leaks legalize let letter letters light likes link links lives loaded locked longest lose loss love machine vision made main features maintain major maker makes making man manage management system mango marketplace martial mask matches matter meanings measures measuring meetings melting meme mental messaging microphone middle million. downloads mine mistake mistakes mobile number moble moment monetize monitors monkey mother mountain move movie moving mute myths name-x naming near necessary negative networks neural neural networking new code new look new windows news anchor next night mode non notes notifications now.gg nuclear energy obscene off official officially offline often open source opened operate operated operating system opposed optic optical fiber optimization option options other others outbreak overheating oversold overuse owner page paid pandemic paper participant participate passkeys passports password. patent pattern paying payment peace pen drive permanent permission person personal perspective phone confidential picture pictures pirated placed placing planting platform platforms policy political pop-up popular popularity port possible powered practice predictive pregnant prepared principles prize processor product key programmatically programming languages project prompt property pros protected provided proxies proxy quantum computer quantum internet question quires quota r daily radio rain rainy season rate reach reading real realities reason rebranding record recovery reform refresh refreshes refrigerator regarding registered registration regulators relationship remain removes removing repairing replace reports requiring reset residence resolution responsibilities restaurants returned revenue review rings risks risky road robotic dog rocket rooms round ruin rules running runs safely sale satellite scammers scary schedule scheme schools screens search engines secret secretly selectric cars sell semi-final semiconductor sending series server services set setting shared sharing shield ships shocked shortage shoulders shuffled shut shuts shutting side sidebar simple since sites sky sleeping slightly slow slowing smartblock smarter smartly social engineering hacking software. tech solutions solve somewhere soon sound sources space center space debris spacecraft spaceships specifications spectrum spend spending sponsors sports spying star starship start started starting starvation steps stocks stolen stop stories strategy streaming strong student studying subject subscribers successful suggested suggestions suitable suitcase superintelligence surface surprised survive t are tag tagging taken talent talk teach team technlogy technoloy technonlogy telecommunication terminology test text think thousand thread threat to threats through throwaway tightens timer tinder toilet too took tools topic tossing touch pad tracking trackpad trading transact transactions transport travel trending trends trip true turn turned turns tweets unbuyable unemployed unemployment unpleasant unregistered unsafe unseen unveils upgrades uses versatility very view viewing virtual virtual currency virtual world vishing visit visiting voter vulnerabilities warning washing waterproof weakening weapon weapons web design websites week well went were wet what's willing withdrawn woman won't words works workspace world war worrie worried worth writer written wrong ‘Hosts’ ‘JeffTube’ ‘Wi-Fi Pineapple’ ‘viral’
Show more