How many times did you login to a digital account today?
It probably was more than once. Some people access digital sites via computer or tablet, but many others rely on their phones.
To login to that phone, you must prove your identity. Typically, proving who you are requires one or more pieces of information. These may include:
- Something you know, like a PIN, password, or pattern;
- Something you have, like a code-generating phone or hardware token; or
- Something you are, as proved by fingerprints, voice recognition, or eye scans.
Though it’s becoming easier to keep phones secure, hackers are also becoming better at breaking in, leaving many people unwilling to put important information – especially financial information – online.
Keeping data secure online is a significant issue and the primary reason people continue to avoid accessing sensitive accounts electronically, according to the Federal Reserve. However, if you want to have the convenience of banking and other finance apps on your phone, it’s important to know the best ways to protect yourself.
The rise of two-factor authentication
Before data breaches became a common occurrence, a lot of people relied on single factor authentication (SFA) to protect digital accounts. This is when you would login with just a username and a password (the password being the single factor), for example.
Today, however, more and more people are relying on two-factor authentication (2FA) to protect their accounts.
With 2FA, you still enter a username and a password, but then are prompted to enter a second authentication factor. Often, the second factor is a temporary code that is sent to your phone via text message or voice mail.
This form of 2FA is remarkably convenient, but it may not provide the level of security you may want to have. You likely handle important financial information on your phone – things like your bank account, financial planning apps, and apps for businesses that use pre-loaded money, such as the Starbucks app.
In July 2016, the U.S. Department of Commerce, National Institute of Standards and Technology recommended all account providers – from banks to financial companies to social media sites – offer alternative ways to authenticate accounts, “due to the risk that SMS messages or voice calls may be intercepted or redirected.”
One major security concern is that authentication codes may be visible on your locked screen when receiving a text message, meaning anyone nearby can look at your phone and access your code.
That’s not the only way 2FA users may be vulnerable. There is also no way for the account provider to confirm an authorized user receives the code.
Unfortunately, hackers have caught on to and targeted the 2FA vulnerability. In fact, Forbes recently reported hackers have found ways to hijack SMS codes and steal millions.
There are 2FA options that provide greater security
While it is a good idea to change your security choices for accounts that are currently sending codes via text or voice mail, there is no need to panic. Wired pointed out that:
“…attacks aren’t exactly easy to pull off, and likely require the attacker to figure out the user’s cell phone number in addition to the password that they’ve stolen, guessed, or reused after being compromised in a data breach from another hacked service.”
Fortunately, there are other 2FA options that provide an improved level of security.
Wired suggested using other forms of authentication, such as applications or tokens that generate one-time codes. Both of these options are more secure than SMS options.
Talk to BP Financial in Austin TX for Financial Security
Staying secure online can be difficult, but with the right precautions, you can help limit the chances of a hacker accessing your important information.
Financial security goes beyond avoiding phone hacks, though. If you want to make sure you’re prepared for retirement, talk to a financial expert at BP Financial today to learn the best ways you can be saving and investing today to prepare for tomorrow.