Author: Chris Hoffman / Source: howtogeek.com
In a quest for perfect security, the perfect is the enemy of the good. People are criticizing SMS-based two-factor authentication in the wake of the Reddit hack, but using SMS-based two factor is still much better than not using two-factor authentication at all.
| Celebrities Then and Now | |
| |
| Photo gallery of celebrities then and now! | |
| Stanton Daily | |
| View Now |
Over 90% of Gmail Users Aren’t Using Two-Factor Authentication
Security professionals who talk about SMS verification not being good enough are getting too far ahead of themselves. Over 90% of Gmail users aren’t using any two-factor authentication at all, according to a Google engineer Grzegorz Milka gave at USENIX Enigma 2018. The number one thing most people can do to protect themselves online is to enable any type of two-factor authentication for their important accounts.
Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing about that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?
Yes, app-based two factor authentication is better than SMS-based authentication. But, if SMS is all a service offers, it’s still better than not using it at all.
SMS-based two factor has some weaknesses, but that’s missing the point. An attacker will have to spend time bypassing your SMS verification. And most targets probably aren’t worth that much effort.
Why You Need Two-Factor Authentication
Two-factor authentication is named that because it requires you to have two things to get into your account: something you know (your password) and something you have (an additional security code from your mobile device or a physical token).
When you enable SMS-based two factor authentication, the service will send your mobile phone number a text message containing a one-time code whenever you sign in from a new device. So, even if someone has your username and password for that account, they won’t be able to sign into your account without access to your text messages.
There are also other types of two-factor methods, including apps on your phone that generate temporary security codes and physical security keys you have to plug into your computer.
Any type of two-factor authentication provides a huge amount of protection for important accounts like your email, social media, and bank accounts. This is especially true if you re-use passwords. Many people re-use passwords at multiple websites and, when one website’s password database leaks, that password can be used to sign into their email accounts. Two-factor authentication would stop this right in its tracks.
That doesn’t mean you should re-use passwords. You should not re-use passwords. You should…
The post SMS Two-Factor Auth Isn’t Perfect, But You Should Still Use It appeared first on FeedBox.