Two-factor authentication

So, currently, many services that use two-factor authentication utilize one’s cellphone to verify the identity of the user.  With the rise of smart phones, however, how will this effect the security of this transaction?  Smart phones are, in essence, computers (even more so than phones in the past).  Does this leave them at risk for malware, much like with traditional computers?  Would it be possible for a piece of malware to sit on a smart phone and wait for a message from a service (such as a message with an authentication code)?  Would it be possible for the malware to redirect such a message, thus allowing the hacker to not only have a password (gotten from another attack), but also receive the authentication code when he tries to log in?  If this is possible, it could pose a serious threat to this style of authentication.

Advertisements

4 thoughts on “Two-factor authentication

  1. My fear has always been losing my phone or getting it stolen. What if you don’t realize immediately and don’t cancel services or have a weak password. I know in essence it makes it that much more difficult to get into your email, but it’s still not an end all solution. Especially with unsecured smart phones.

  2. This is why we need more smart more anti-virus security. The reason most 2-factor authenticators involve people’s phones is because it makes it convenient and efficient to login to an account that relies on 2-factor authentication. A hacker would either have to: 1) steal the victim’s smart phone, or 2) install malware on it. Recently, statistics have shown that more and more hackers are using malware to steal people’s authenticator information, which is why I say we REALLY need more anti-virus security on phones.

  3. Two-factor authentication may not be perfect but it is still so much more secure than one-step authentication. You may lose your phone, maybe even get it hijacked but even then I feel like it is an extremely efficient way to guard your information.

  4. I posted about BlackBerry before, but I think one of the reasons they are still holding on is because they can be remotely wiped. The iPhone can be remotely wiped as well, and I am sure there are apps for Android that can do the same. I use http://preyproject.com for my devices.

    Also, the Android Market does not have the same “quality control” as the Apple App Store. An app can easily squeeze its way through and use undocumented code to read your text messages or other data. Any third party text messaging app can do this as well, which isn’t a big deal if its from a trusted source, but I don’t think I’ll be downloading anything that looks like “Joe’s SMS app”

Comments are closed.