Date: 2020-07-18

Brett Pearce/CNET



You have probably heard this security tip: protect your accounts with two-factor authentication. Hackers will have a much harder time, it is said, if you pair a password with a code sent by text message (SMS) or generated by an application like Google Authenticator.

But there is a problem: it can be easily bypassed. Just ask Twitter CEO Jack Dorsey. Hackers gained access to Dorsey’s Twitter account through a SIM swap attack, which involves tricking an operator into switching mobile service to a new phone.

Banks, social media, and other online services are moving toward two-factor authentication to stop a torrent of hacking and data theft. More than 555 million passwords have been exposed in various situations. Even if yours is not on the list, the fact that many of us reuse passwords, even suspected hackers, means that you are likely to be more vulnerable than you think.

Don’t get the wrong idea. Two-factor authentication is useful. It’s an important part of a broader approach called multi-factor authentication that makes logging in more complicated, but also much more secure. As its name implies, the technique is based on combining multiple factors that have different qualities. For example, a password is something you know and a security key is something you have. A fingerprint or face scan is simply part of you.

Intercept your code

However, code-based two-factor authentication does not improve security as much as might be expected. This is because the code is something you know, like your password, even if it has a short lifespan. If it is compromised, that will also affect your security.

Hackers can create fake websites to intercept your information, for example by using software called Modlishka, created by a security researcher who wants to show how susceptible websites are to attacks. It automates the hacking process, but there is nothing to stop attackers from writing or using other tools.

This is how an attack works. An email or text message draws you to the fake website, which hackers can automatically copy from the original in real time to create a compelling forgery. There, you enter your login details and the code you received by SMS or from an authentication application. The hacker then enters those details on the actual website to gain access to your account.
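Why a forwarded code still works, shown as an added example that is not part of the original article: a minimal RFC 6238 (TOTP) check of the kind authenticator apps rely on, using the RFC's published test secret and test time. The `Verifier` class and `demo` function are names made up for this illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the RFC 6238 default


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret + time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check with a +/-1 step window and replay protection."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # highest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        # The only inputs are the code and the clock. Nothing in a TOTP code
        # says which site, device or person it was typed into or by.
        for drift in (-1, 0, 1):
            counter = now // STEP + drift
            if counter <= self.last_counter:
                continue  # this step was already used: reject replays
            if hmac.compare_digest(totp(self.secret, counter * STEP), code):
                self.last_counter = counter
                return True
        return False


def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    t = 59                            # RFC 6238 test time
    code = totp(secret, t)            # what the authenticator app displays
    server = Verifier(secret)
    return {
        "code": code,
        # Code typed into a look-alike page and passed on 10 seconds later:
        "forwarded_accepted": server.verify(code, t + 10),
        # Replay protection only refuses the second use of that code:
        "second_use_accepted": server.verify(code, t + 12),
    }
```

The forwarded code is accepted because it arrives inside the validity window; replay protection helps only after someone has already used it.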

SIM attacks

Then there is the SIM swap attack, the one used against the Twitter boss. A hacker impersonates you and convinces an employee of an operator such as Verizon or AT&T to switch your phone service to the hacker. Each phone has a discrete chip, a subscriber identity module, or SIM, that identifies it on the network. Once your account has been moved to the hacker's SIM card, the hacker will be able to read your messages, including all your authentication codes sent by SMS.

Don’t rule out two-factor authentication just because it’s not perfect. It is still much better than a single password and more resistant to large-scale hacking attempts. But definitely consider stronger protections, like hardware security keys, for sensitive accounts. Facebook, Google, Twitter, Dropbox, GitHub, Microsoft and others support that technology today.
