It hasn’t been that long since I wrote about SMS two-factor being hackable, and why you should use it anyway.
It’s an important enough topic that when I saw another article discussing a potential two-factor exploit — ‘You can’t relax’: Here’s why 2-factor authentication may be hackable — I just have to jump in to reinforce my message.
Use two-factor authentication anyway.
I’ll explain why it’s important, even if two-factor is technically hackable.
Become a Patron of Ask Leo! and go ad-free!
- Two-factor authentication makes you a less lucrative target.
- Your account is less secure without two-factor authentication.
- Currently known hacks of two-factor authentication are not easy for hackers to perform, and may even require that you be duped.
- Two-factor may not be perfect, but nothing is.
- Use two-factor authentication on any account you consider “important”.
Two-factor is a barrier
The short, simple answer is this: two-factor authentication erects another barrier to unauthorized individuals seeking to access your account. It’s a barrier most hackers won’t bother trying to penetrate; instead they’ll move on to other, less protected accounts.
Seriously, that’s all it has to be to add significant value to your account security. Make it harder for the hackers, and they’ll go find another mark.
That alone should be enough to convince you to use it. It will keep hackers out, even if it is technically hackable.
Your account is less secure without it
I stand by the position I took in my previous article: your account is less secure — potentially significantly less secure — if you protect it with only a password.
You’re relying on that one piece of information remaining a secret forever.
Ask anyone whose accounts have been compromised because the service they were using was hacked how well that worked for them. They did nothing wrong. They used long, strong, secure passwords and never shared them with anyone. Something completely out of their control exposed their password, and — poof — their account was in the hands of hackers.
Two-factor authentication could have prevented that, even if it is technically hackable.
Possible does not mean easy
That two-factor authentication can be hacked doesn’t surprise me. These are complex systems we’re dealing with. Bring enough firepower to bear, and I suppose anything is possible.
But that doesn’t mean it’s easy or commonplace.
The previous “OMG! Two-factor can be hacked!” scare required access to the telephone company systems that process SMS text messages for the targeted account. Read that again: it required access to a telephone company! Possible? Sure. Easy? Not even close.
The current scare, as I understand it, requires your participation. You need to be targeted and fall for a phishing scam that somehow uses the two-factor information you type in to access your account.
You need to fall for a phishing scam.
Let’s face it, two-factor or not, all bets are off if you fall for a phishing scam.
Two-factor is not a silver bullet, but….
One thing I absolutely agree with is that two-factor authentication is not a silver bullet. It doesn’t — can’t — provide 100% proof-positive security. Nothing can.
Or, put another way, it can’t protect you from yourself.
What it can do is provide significant additional security to your account to make it practically impossible to hack — as long as you do your part by following best security practices to keep yourself safe.
Even if two-factor is technically hackable.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!