This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 9 °C Friday 6 December, 2019
Advertisement

Relying on texts to help protect your accounts is no longer a good idea

You really should be using two-step authentication, but it’s best to switch to apps dedicated to the task if you haven’t already.

Image: Shutterstock/Lolostock

IF YOU’RE LOOKING for a quick and effective way to improve your online security, two-factor authentication (2FA or two-step verification) is the first thing you should look at.

If you’re using it already, you’ve most of the way there, but if you’re using SMS to keep your accounts safe, it’s best you switch over to a dedicated authentication app instead.

The reason for this is because it’s easier than ever for someone to intercept your text messages and direct those messages to them instead of you (Wired goes through a number of situations where this has happened and it happens more often than you would think).

This is down to a flaw in SS7, a protocol used by phone networks to exchange the information needed for passing calls and texts between each other, and allows people from one network to roam on another. In short, it’s best to assume your normal calls and texts aren’t as secure as you would think.

Granted, whether you would be targeted or not really depends on a number of factors like how important you are, but like many things, you should treat this as a possibility. It likely a distant possibility but it’s a possibility all the same.

Encouragingly, more services are offering alternate ways to use 2FA but the best approach is to use a dedicated authentication app.

What an authentication app does is generate a one-time code every 30 seconds. It will continue to generate codes for you to log in even if your phone isn’t connected, ensuring you can log in regardless of the situation.

So what type of app should you use?

There are a few apps out there but a good place to start would be looking at Google Authenticator (iOS and Android) and Authy (iOS and Android). Google’s version is probably the easier of the two to set up but Authy is more robust and works across multiple devices.

Both apps will serve you well and how long it will take to set up will depend on how many accounts you have. You will have to scan a QR code (or enter in a key) for each one which may be time-consuming but it’s worth it.

Google Authenticator Source: Google Authenticator/Google Play

The only potential problem is not all apps allow you to log in using this method. Twitter is the most noticeable example of a site that only allows the SMS method but that should be changing soon.

It’s also worth mentioning that you should have a strong password too. While it’s useful, 2FA is not an excuse to continue using a weak password so change it if necessary.

Read: Seoul brings in traffic signs telling smartphone addicts to look up more often >

Read: Check out these amazing photos taken using aerial drone photography >

  • Share on Facebook
  • Email this article
  •  

About the author:

Quinton O'Reilly

Read next:

COMMENTS (5)