Is two-factor authentication always secure? How they can break it

Maintaining security when browsing the Internet is very important. Many factors influence it, and one of them is having a good password. However, this is not always the case: we may find that our password is weak and has been leaked online. To guard against this, one thing we can do is configure two-step authentication. But is 2FA that safe? Let's see how it can be broken.

Why 2FA can be bypassed

Two-step authentication is an extra security barrier that we can add to our accounts, for example to protect email or any social network. It is a code that we receive by SMS or through an application and that serves to identify us. The problem is that an intruder could exploit this method, as we will see. 2FA can even be attacked through social engineering.

Mobile phone theft

The first thing that can happen is that our mobile phone is lost or stolen. If someone had access to our device, they could automatically control all the applications and logins that we have configured. They could easily read any SMS we receive and see what the 2FA code is.

To avoid this problem, it is best to always keep your mobile protected with a good password. In addition, as soon as you lose the device or it is stolen, the ideal is to call the operator to have the phone number canceled. This prevents an SMS with the code from ending up in the wrong hands.

SIM Swapping

But even without physically stealing the phone, an attacker could still read the SMS. There are attacks such as SIM swapping, which basically consists of the attacker calling the operator posing as the victim and thus receiving a SIM card at their address.

This method is complicated, since luckily the operators have significant filters in place and it is not easy to pull off. However, attacks of this type have occurred in other countries, and it is one more strategy for stealing 2FA codes.

2FA allows accounts to be protected effectively

Trojans

It could also happen that our device is affected by malware. For example, there are mobile Trojans designed to record the SMS we receive, read them and send them to a server controlled by the attacker.

This would logically allow an attacker to read text messages containing two-step authentication codes. For this reason, it is essential to protect the device, have a good antivirus and always keep everything updated to fix any vulnerability that appears.

Brute force

One more method is simply to use brute force. This is not always possible, since there are limits and mechanisms that will prevent it in most cases. However, it is yet another possibility that also jeopardizes the effectiveness of two-step authentication.

Brute force basically consists of trying the different possible combinations over and over until the right one is found. Attackers can use software tools to do this.

Ultimately, these are some of the ways in which two-step authentication may not be effective. It is essential to stay protected at all times and to use the available services correctly to reduce risk.