The Sad State of Two-Factor Authentication in U.S. Banking (2020)
The article critiques U.S. banking's reliance on SMS-based two-factor authentication, highlighting its vulnerabilities. It advocates for stronger security measures, including hardware tokens and biometrics, urging consumers to demand better protections.
The article discusses the inadequacies of two-factor authentication (2FA) in U.S. banking, highlighting that many financial institutions rely solely on SMS-based authentication, which is considered insecure due to vulnerabilities like SIM hijacking. While two-factor authentication is essential for enhancing account security, the majority of large banks do not offer robust options beyond SMS. The author emphasizes the importance of using multiple authentication factors, which can include something you know (passwords), something you have (hardware or software tokens), and something you are (biometric data).
Alternatives to SMS include hardware tokens, software tokens, and biometric authentication, which provide more secure methods of verifying identity. The article notes that while some banks offer better security options, many do not, particularly for consumer accounts, which may be due to outdated systems or perceived lack of demand. The author encourages consumers to advocate for better security measures from their banks and to utilize 2FA wherever possible on other platforms, such as Google and Facebook, which offer more secure authentication methods. The piece concludes by urging readers to take proactive steps to protect their digital identities, including using password managers and enabling two-factor authentication on all accounts.
Related
How MFA is falling short
Multi-factor authentication (MFA) faces challenges from cyber attackers exploiting weaknesses. Breaches despite VPN, SSO, and Google Authenticator usage show risks like phishing, vishing, and Man-In-The-Middle attacks. Recent developments include "Tycoon 2FA" targeting Microsoft 365 and Gmail accounts, emphasizing the need for stronger authentication methods.
1Password and 2FA: Is it wrong to store passwords and one-time codes together? (2023)
Storing passwords and 2FA codes in 1Password is secure and convenient. The debate over using separate authenticator apps for TOTP codes is discussed, emphasizing the importance of account security through individual preferences and risk tolerance.
Second Factor SMS: Worse Than Its Reputation
Security researchers accessed 200M 2FA-SMS messages, exposing a flaw in IdentifyMobile's system used by Google, Amazon, and Facebook. CCC recommends more secure authentication methods due to significant risks.
Banks in Singapore to phase out SMS OTP in 3 months
Singapore's major banks are replacing OTPs with digital tokens to combat evolving scams. MAS mandates the shift for enhanced security, urging prompt activation by customers from banks like DBS, OCBC, and UOB.