
Thursday, February 27, 2025

Be Xtra wary of 2FA [Two-Factor Authentication]

 

Be Xtra wary of 2FA [Two-Factor Authentication].  Ooops, I'm not saying we should ditch 2FA because that's way beyond our purview.  If 2FA is WHAT your banker offers, WHAT can we do then?  Let's spell it as V-I-G-I-L-A-N-C-E no less.  NOT to speak like those doomsayers, 2FA is NOT the end-of-the-world BUT alas, good for us, things are evolving.  Breaking news today, Google is ditching 2FA and replacing it with QR codes.  HOW and WHY QR codes are a thousand miles better than 2FA, let's take that on💥💥💥

So, WHAT are the perils of 2FA?  It's surprisingly easy to get hold of an SMS code.  If someone steals your smartphone, for example, those scammers will be able to access ALL [as in ALL] of the SMS codes it receives.  BUT take note that scammers DON'T need physical access to intercept your SMS codes.  In fact, they can do this while sitting in another part of the globe!@#$%?

Scammers can trick your telco carrier into 'TAKING OVER' your phone's SIM card.  From here they can disable your SIM card and transfer all the services over to their own so they can remotely access all SMS codes sent to your SMS number.  If your bank account is protected by SMS-based 2FA, for instance, they will receive the code on their own device, then authenticate themselves and voila, break into your account, ouch.  Some scammers are even engaging in a practice known as TRAFFIC PUMPING❎❎❎

So WHAT'S TRAFFIC PUMPING?  These scammers will fool organizations [and BANKS!] into sending a large number of SMS messages to a set of numbers [they earlier 'HOSTAGED'] which these scammers "NOW OWN".  They make a profit from those messages while the rest of us deal with a deluge of spam.  By moving away from SMS-based 2FA, Google hopes to limit these incessant scams around us😊😊😊

Our takeaway:  Just to share a bit about authentication options, I have had the chance wherein, instead of relying on SMS-based authentication, the organization uses a dedicated 'AUTHENTICATOR APP' [a.k.a. password-less Passkeys System] that Google itself is pushing quite a bit.  WHEN using an authenticator app, a new code is generated every 30 seconds on a secure service that is controlled only by YOU and NOT by those telco carriers.  Authenticator apps themselves require biometric authentication and can be password protected as well, and that adds an Xtra layer of security.  Meanwhile, until your banker's authentication migrates to true-blue 'AUTHENTICATOR APPs', please be Xtra Xtra Xtra cautious and DON'T get tricked by all the 'modus operandi' hovering all over us❗❗❗

Straight from my thought processes...
