Authentication apps have become commonplace for many users, since when it comes to protecting our accounts with two factors, they play a decisive role. Since of the many two-factor modalities, the authentication app is one of the most common. Some apps that, of course, are not infallible, and that can have their risks, as the cybersecurity experts from karspersky.
What are its advantages?
Undoubtedly the greatest advantage of these apps is that they prevent hackers from taking over our account simply by obtaining the username and password. Even if they find out, with this type of app it is practically impossible for them to access the account, since they would physically need our device to access the backup codes provided to us by these applications. Another of the advantages of these apps is that the expiration of the codes they provide is quite short, so that if they want to intercept them, the hacker has practically no time to do so.
They can’t be cloned either., so even if hackers can access the code, they can’t replicate the authenticator’s action. Finally, another advantage of these authenticators is that they do not need an Internet connection to work, so the backup code can be obtained completely isolated from the connected world.
Are they vulnerable?
Well, the reality is that these apps are very safe, and as such, the chances of a hacker getting hold of one of these backup codes without physically having the mobile and opening the authentication app at the right time is quite remote. But of course, there is always the possibility that this seemingly perfect method of protection could be exploited by hackers. And the reality is that while it is unlikely that it can be violated, it can be, thanks to the interface and alternative options offered by many software vendors. Since from Karsperksy they see the failure of this system in the alternatives that providers offer us to identify ourselves beyond the authenticator. Because this is only one option among all those available. And if for whatever reason we don’t have the app at hand, we can always say that send us a code by SMS or by email. And that’s where hackers can get in on the action.
Above all If you already know our username and password and it turns out that we already use the same ones in the other methods. For example in email. If so, cybercriminals will be able to choose an alternative method such as email and access it with those credentials. Therefore, the problem is not so much the authentication apps as the alternatives offered by technology companies to access their accounts, otherwise when we run out of authenticator we would lose the account, and it is too great a risk. Another of the vulnerabilities has to do with the display of the code, since if we do it near a cybercriminal, they could copy it by seeing it on the screen.
so you can protect yourself
Cybersecurity experts remind us that there are some decisions we can make to reduce these vulnerability situations as much as possible. And the tips are simple, on the one hand something obvious like put password to the device where we have the authentication app. Also preventing it from displaying the code this can be seen by other people. Make a backup copy of the application, use more sophisticated and elaborate passwords, be aware of data leaks and change passwords when there may be a risk, and above all protect yourself from phishing, with specific tools for this, such as some with those that this cybersecurity company has. In the end, the bottom line is that the authenticator is secure, but the available alternatives to be bypassed by hackers are not.
Authentication apps, are they safe for your mobile? - Gearrice
Read More
No comments:
Post a Comment