subscribe: Daily Newsletter

 

How effective is two-factor authentication?

0 comments

Should a password get hacked, it could expose the user to viruses, malware and data breaches on their mobile phones and other devices. Clever cyber crooks have the skills and the tools to easily crack passwords and steal personal information.
The default for all user logons, irrespective of whether local or remote, has traditionally been reliant upon the password. At some point, the password might have been good enough, but in today’s increasingly connected world that we live and work in, a password is definitely the weakest link in the security chain.
“Passwords are ineffective for a number of reasons,” says MJ Strydom, MD of DRS, a Cognosec company. “Stories litter the headlines daily about how passwords are stolen, either through hacking or brute force techniques or by social engineering. In addition, way too often people choose passwords that are incredibly weak, such as 12345, or their birthday or other information that can by guessed by simply visiting their Facebook page. Moreover, hackers have tools to help them, such as packet sniffers or keyloggers.”
Weak passwords, he says, are driven by the fact that each of us has way too many passwords that need to be remembered. “Every bank account, loyalty programme, service provider, social media account, and similar requires a password. It is simply too difficult to remember them all. Although malware plays a role in hackers accessing passwords, too often it’s a case of human error. Moreover, a major concern is that many users have no idea their password has been compromised. Security logs will show is that a successful logon has taken place, not that any malfeasance has occurred. It’s hard to prove who was behind the login. No wonder passwords are under attack.”
He says that answers to security questions are also relatively easy to find out, particularly now that we share every detail of our lives on social media without a thought. “It would seem that no information is too personal or mundane to be shared with the world. Pretty much anyone who interacts with us on a regular basis can find out the answers to common security questions, such as the year we finished school, the city that we grew up in, our mother’s maiden name or our first dog’s name.”
Even those who don’t have this information readily available on their social media can be targeted, as much of this information is freely available on the public record for anyone willing to put in the effort to find it. “Sometimes just entering common or expected passwords can be successful for hackers, so let’s agree that passwords are no longer safe.”
This is where two-factor authentication comes in to play. It offers the user an additional layer of protection over and above the password. “It’s far trickier for cyber crooks to get their hands on a second authentication factor. They would have to be much closer to you. This drastically lowers their chance of success. Remember that hackers go for the low hanging fruit. You don’t have to be the most secure person around, just more secure than the guy next to you,” Strydom says.
“Combining passwords with a second form of authentication will usually ensure this is the case. Something you need to remember, such as a password, combined with something you carry with you – a biometric such as a fingerprint — or something sent to you, such as a token, is far more secure. Ideally all three would be best, but this proves too onerous.”
The purpose of two-factor authentication is to make attackers’ life harder and reduce the risk of attack by making yourself a less attractive target, he adds. If you already enforce basic password security measures, two-factor authentication will add that extra layer to make it more difficult for hackers to breach your account.
However, don’t expect two-factor authentication to be a silver bullet, he says. “Nothing is fool proof. It won’t keep hackers off your back forever, but it definitely increases your chances of remaining safe.”