Sometimes we believe that only the companies that offer internet services bear full responsibility for keeping us protected, and they do try. They offer methods of protection against unauthorized access to our accounts, such as two-step verification, which some people use, while others have never paid attention to it.
It consists of sending a message containing a code to the phone number registered with a given web service, requested when the user forgets the password and wants to change it, or when the account is accessed from a computer with an unfamiliar IP address. The process is fairly simple and, unless you lose your phone, could be the most effective method of protection, but there are those who disagree.
As reported by Phys.org, a team of researchers led by Nasir Memon, professor at the Tandon School of Engineering, New York, and an expert on cybersecurity, together with doctoral students Toan Nguyen and Hossein Siadati, maintains that even if a computer engineer could not ‘break’ the two-step verification method, a social engineer could do it simply by asking for the code.
To reach this premise, Memon and company set up a scenario in which a hacker knows the victim's phone number and requests that a text message be sent to reset the password or access a particular account. At that point, the person could ignore the message, but if the attacker then sends another message requesting the password, using a phishing technique, the victim, unaware of what is happening, sends back the code.
In a test on 20 people, 25% agreed to the request to forward the two-step verification code, many of them unaware that this could compromise their own authentication process, while others were unable to distinguish between a reliable message and a malicious one, since they could not identify the source of either message.
Given this, Memon believes that the companies offering this method of protection should apply the tactics used against phishing so that users of their services can verify the origin of the messages they receive. Moreover, users must understand that a protection method like this is safe by itself, but that they must also do their part.
In another study, in which they surveyed 100 people by mail, they found that 30% of users were unaware that two-factor authentication could be compromised, while 60% rarely check the source of the verification messages they receive. The remaining 20% said they would only send the verification code if a company (in the case of the tests, Google) made the request.
In fact, it has rarely been seen that an attacker gets into someone’s account by defeating the two-step verification method, and now we realize that no computer skills are required to do so. Many people do not understand the purpose of this method and are therefore likely to fall into the trap of a swindler who would not even be considered a ‘hacker’ per se.