How 2FA Can Fail & What You Can Do About It





Find me on Steemit: www.steemit.com/@heiditravels
Twitter: @blockchainchick
Instagram: @hheidiann
Bit.tube: RealCryptoTips

LINKS FOR ADDITIONAL READING FOR THIS VIDEO & ALL INFO IN TEXT DOWN BELOW:

Hackers Overcoming 2FA: https://www.csoonline.com/article/3399858/phishing-attacks-that-bypass-2-factor-authentication-are-now-easier-to-execute.html
Types of Phishing Attempts: https://blog.malwarebytes.com/101/2017/06/somethings-phishy-how-to-detect-phishing-attempts/
How to Avoid Phishing Attacks: https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/
Digi-ID: https://www.digi-id.io/index.html
Hydro Raindrop: https://projecthydro.org/raindrop-phase/

Using an additional security layer like 2FA, or two-factor authentication, is something that I’ve been recommending since the start of this channel nearly 3 years ago.
For those who may not know what 2FA is or why it would be recommended, here is a brief review: If you use websites that require you to log in, and your account there involves sensitive information like your bank details, credit card details, or cryptocurrency wallets, simply using an email and password to protect that information is not the best line of defense. The reason is that people typically use the same passwords over and over again for multiple sites, and oftentimes these passwords are easy to guess. There is also the threat of phishing attacks, but I’ll get into that later on in this video.
2FA is an additional layer of security that comes in the form of an app that you can download on your phone, the most popular being Google’s Authenticator App and the Authy App. Both are free and relatively easy to set up. These apps create 4 digit codes which reset every 15 seconds or so. If you enable 2FA on a website that allows it, then when you log in you’ll have to enter the code provided by the 2FA app. This means that unless a hacker is in control of your phone at the time you log in, they can’t gain access to your information.
Or at least that used to be the case.
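
How an authenticator-app code is computed and checked, as an added example that is not part of the original video or post. It follows RFC 6238 (HMAC-SHA1) with that standard's test secret; the 6-digit length, 30-second step and the `Verifier` class are this example's assumptions. The check depends only on the shared secret and the clock, so a code is accepted no matter which site the user first typed it into, until it is used or its window closes.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 6238 test vectors; real secrets are random per account.
SECRET = b"12345678901234567890"


def totp(secret, unix_time, step=30, digits=6):
    """One-time code for the time window containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check: one use per window, one window of clock drift allowed."""

    def __init__(self, secret, step=30, digits=6):
        self.secret, self.step, self.digits = secret, step, digits
        self.last_used_window = -1

    def verify(self, code, now):
        current = int(now) // self.step
        for window in (current, current - 1):
            if window < 0:
                continue
            expected = totp(self.secret, window * self.step, self.step, self.digits)
            if hmac.compare_digest(expected, code):
                if window <= self.last_used_window:
                    return False                 # this code was already used
                self.last_used_window = window
                return True
        return False                             # wrong code or expired window
```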

There was an article which I tweeted about last week that shows how 2FA isn’t as infallible as we’d all hoped. In fact, not only has it been possible to circumvent for a while, now it’s becoming easier to do. I will provide a link to this article down below in the description so that you can dig into it yourself and hopefully learn something new about internet security in the process.

The key takeaway here is that the hackers are still relying on their potential victims to fall for their phishing attempts, to click on their fateful links that ultimately open your digital door for them to step inside, poke around and steal everything that they can.

I can’t make a video about this topic without including how to avoid phishing attempts. Oftentimes they present as emails that scare you into action. Something has suddenly gone wrong, your information is at risk and you need to click a link or respond with your login information like passwords or phone numbers.
Oftentimes they are fake websites with URLs that look NEARLY identical to the real thing, but are slightly misspelled or have the wrong ending, like .co instead of .com. You proceed to log in with your information and you’ve given it all right over to the hacker.
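
One way to check a link against the sites you actually use before logging in, as an added example that is not part of the original video or post. The allowlist, the sample links and the function names are constructed for illustration; besides the misspelled and wrong-ending cases described above, it also flags a real domain used as the front of a longer hostname.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the login sites a user has bookmarked.
TRUSTED = {"coinbase.com", "binance.com"}


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_typos=2):
    """Return 'trusted', 'lookalike:<real domain>' or 'unknown' for a URL."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registrable domain (last two labels); real code would use the Public Suffix List.
    domain = ".".join(labels[-2:])
    if domain in trusted:
        return "trusted"
    for real in sorted(trusted):
        if labels[-2:-1] == [real.split(".")[0]]:      # right name, wrong ending
            return "lookalike:" + real
        if edit_distance(domain, real) <= max_typos:   # slight misspelling
            return "lookalike:" + real
        if host.startswith(real + ".") or "." + real + "." in host:
            return "lookalike:" + real                 # real name as a subdomain
    return "unknown"


# Constructed sample links, e.g. taken from an e-mail before anyone clicks them.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbase.co/signin",
    "https://coinbasse.com/login",
    "https://binance.com.account-check.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):24} {link}")
```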

That is the crux of this problem: the phishing attempts. If you never fall for them, you won’t be a victim of them. If you’d like additional peace of mind, there are other, new options that leverage the strength of blockchain technology in your favor to secure your information and enable you to verify your identity, often in ways that are easier than traditional login requirements. If you’re interested, check out DigiID, provided by the Digibyte platform. There is also Hydro platform’s application called raindrop. Both of these are new, meaning there aren’t many websites that have implemented them. But they exist, and there’s certainly a need for more options like this to crop up in the future, so keep an eye out for them!

12 replies
  1. Bhushan's take
    Bhushan's take says:

    Use the phishing code provided by the authenticating site, keep changing it frequently. Bookmark the authentic sites. Try to use hardware keys with backup codes or offline smartphone for 2FA, as expert hackers can go for online hot 2FA. Educate yourself… Be safe.

  2. philhellmuff
    philhellmuff says:

    I actually think a good strong password is better for the average user because they are very likely to lose access to their 2FA. It's very likely that 95%+ of people will use a custody service for their crypto anyway and will never hold any private keys. I just hope there will be hundreds of custody services worldwide to keep it decentralized. If everyone goes to Coinbase we are in trouble.

  3. thinkofwhy
    thinkofwhy says:

    It's not that 2FA fails, it's that there are ways to bypass it. So the focus should be on preventing those bypass methods rather than pooh-poohing 2FA. 2FA is a reliable component of authentication in any chain of security protocols.

  4. O
    O says:

    Other options… If you use Binance a lot and have a Mac, they have a Mac client you can download. Avoids using browsers, which are most susceptible to the phishing attack. Also, there is a browser extension called Cryptonite that protects you from phishing attacks.

  5. R C
    R C says:

    2FA can fail in many ways… one way is from the backend, which happened with the GateHub hack: hundreds of people got their XRP stolen even with 2FA activated, via backend access to private keys.

