Info@NationalCyberSecurity

Hackers ‘would have to physically have your phone’ to attack if you take this step


HARRISBURG, Pa. (WHTM) — Before Scott Zeiders managed to recoup $12,000 in money stolen by hackers, cybersecurity expert Jonathan S. Weissman said two companies — Zeiders’ bank and his cell phone provider — could have done more to prevent the theft.

Zeiders himself — having learned way more than he ever hoped about how these things happen — shared advice to help other people prevent hacks and thefts: “If you don’t have two-step verification, put it on there, because once they get your password, you’re done,” Zeiders said of the hackers.

Two-step verification — a form of what cybersecurity experts call “multi-factor authentication” — means requiring something other than just a username and password to access an account. Zeiders had that on his bank account but not on his cell phone account, which the hackers hit first, using that access to then compromise his bank account.

But with more people heeding that advice, hackers are becoming more sophisticated, so Weissman — a principal lecturer at the Rochester Institute of Technology’s cybersecurity department — advises going a step further.

“Any form of multi-factor authentication is better than nothing,” he said. But “text messages sent through SMS [a common text message platform] are not encrypted, and cybercriminals can intercept and read these codes that banks and other companies are sending you.”

Better, Weissman said, are “authenticator apps” such as Microsoft Authenticator and Google Authenticator. Both are available in the Apple and Google (Android) app stores.

Authenticator apps typically generate new codes every 30 seconds, which a user must enter in order to log into accounts at banks and other companies. That might sound like even more of a hassle than receiving a code via text message each time you log into various accounts, but Weissman said it’s really not, once you set it up.

“All you need is one good authenticator app, and it’s good for all the sites you sign into,” Weissman said.

He said other good alternatives are physical security keys, which plug into USB ports. Several companies make them; Weissman likes one called YubiKey, manufactured by a company called Yubico.

Either is stronger than codes sent via SMS, he said, “because now it’s not a text message that’s being intercepted. The cyber criminals would have to [physically] have your phone.”
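An added illustration, not part of the original story: authenticator apps such as Google Authenticator generally implement TOTP (RFC 6238), in which the phone and the service each compute the 30-second code from a secret shared once at setup, so no code travels over SMS. The secret below is the RFC's published test key; the 6-digit length and the `verify` helper with its clock-drift and reuse checks are assumptions of this sketch.

```python
# Added example, not from the article: TOTP (RFC 6238) built on HOTP (RFC 4226).
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30                    # "new codes every 30 seconds"
DIGITS = 6                           # assumed code length
SECRET = b"12345678901234567890"     # RFC test key, shared once at enrollment


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-SHA1 over an 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, digits: int = DIGITS) -> str:
    """What the app shows: HOTP keyed on the current 30-second time step."""
    return hotp(secret, int(unix_time) // STEP_SECONDS, digits)


def verify(secret, submitted, unix_time, last_counter=-1, drift_steps=1):
    """Server-side check (hypothetical helper).

    Accepts the current step plus/minus drift_steps for clock skew and
    rejects any step at or before last_counter so a code cannot be reused.
    Returns the matched step counter, or None.
    """
    now = int(unix_time) // STEP_SECONDS
    matched = None
    for counter in range(max(0, now - drift_steps), now + drift_steps + 1):
        if counter <= last_counter:
            continue
        expected = hotp(secret, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SECRET, time.time())
    print("current code:", code, "accepted:", verify(SECRET, code, time.time()) is not None)
```

The service stores the returned step counter as `last_counter` after each successful login, which is what makes a code single-use within its validity window.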
