Two-Step Text Authentication Isn't Enough Anymore

New call-to-action

Over the years we’ve been led to believe that we are doing a good thing by setting up two-step text authentication. It is a good practice to get into and is better than nothing, but it’s no longer the best method for keeping your accounts safe.

Why isn’t two-step text authentication enough?

Although your mobile device is your personal device, hackers can easily get their hands on your number. Take for instance the 2019 Hack on Twitter Co-founder, Jack Dorsey. A cyber-hacking group were able to use a technique called ‘Simswapping’ to gain access to Dorsey’s account, where they then were able to tweet directly from Dorsey’s account. The group tweeted offensive messages from Dorsey’s account for 15 minutes before being shut down.

Simswapping and Simjacking

‘Simswapping’ or also known as ‘simjacking’ is a technique where an existing phone number account is transferred to a new sim card. Hackers will target phone companies and trick staff into carrying out the switch over.

Once hackers have access to the victim’s phone number account, using two step authentication they can log into the victim’s personal accounts.

One method of preventing these techniques happening to you or your business is to use two-factor authentication.

What is two-factor authentication?

Two-factor authentication is different from Two-step text authentication as it adds an extra layer of security. Two Factor Authentication will prompt users to enter their username and password and then require additional information that only the account owner should know such as:

  • Personal Identification Number (PIN)
  • Secret questions
  • Biometric login in such as Face ID or Fingerprint

This means that unfortunately if your password is stolen, it is less likely that hackers will be able to gain access to your account.

What else can I do to keep my account secure?

Keep your account cyber safe by adopting some other good practices:

  • Use Two-Factor authentication on all sites that adopt this method
  • Use a Password manager like LastPass or 1password to keep all your passwords secure and in the same place
  • If you’re an Apple User you can turn on Two-Factor Authentication under Password & Security on your Mobile Device or under System Preferences on a Mac
  • Avoid easy to guess passwords and change your password every few months
  • Never share passwords via email or instant messaging sites
Back to Blog

Related Articles

Must-have apps and tools for business owners | Trojan Technology

Owning a business takes a lot of work, but also one of the most exciting things you can do. It...

7 Cyber Security Tips for Irish SMEs | Trojan Technologies

As a small-medium business you may think that you are not something that a hacker would consider as...

What is social engineering? And how to avoid it

Phishing, Baiting, and spear phishing are terms that we all have probably heard of, and we know to...