After the leak of information on more than 533 million Facebook users, a great deal of personal data was exposed, including phone numbers. This has called the two-step authentication method via SMS into question. Is it really safe?
First, what is the two-step authentication method that you use most often? Your answer is probably text messaging. This is because many applications use it to ensure the security of our operations, for example when we set up WhatsApp or carry out a bank transaction.
Now, when our personal data is exposed, the situation changes. This is because computer crooks can use it to duplicate our SIM card, a fairly popular practice in recent months.
Two-step authentication method via SMS: Is it safe?
If cybercriminals managed to duplicate our SIM cards, the authentication method via SMS would lose its security. As a result, the confirmation message that a given application sends would fall into the wrong hands. It would even lead to identity theft, so to speak, since they could access our contact lists and interact with them.
But the Facebook leak is more serious than it seems. The victims' email addresses and locations are also targets for attack. Criminals could use email to send phishing messages and spread malware to our contact lists. In a more sensitive situation, they could physically approach people whose data has been exposed online.
Businesses must opt for other authentication methods
Facebook’s data leak leaves us with a very clear lesson: opt for other two-step authentication methods. Such as? Authy, Google Authenticator, Duo Mobile, Microsoft Authenticator, and many more. They are tools that generate a token every time you try to carry out an operation on a certain platform.
In this case, the initiative must come from the companies. After all, they are the ones who decide which security methods to implement in their tools. However, companies have two major drawbacks: resistance to change and reluctance to leave their comfort zone.