Monday, July 26, 2021

Why isn't two-step authentication over SMS the best thing on the web?

Protecting our accounts and records is essential to preserving privacy and security. There are many tools and programs that help keep out malware and other types of threats. However, to keep intruders out of our router or any account, the most basic and essential measure is a strong password. Beyond that, if we want to protect our records so that nobody can access them even with the password, there is what we know as two-step authentication. In this article we explain why two-step authentication through SMS is not the best option on the Internet and why platforms use it less and less.

The use of two-step authentication by SMS is on the decline

As we know, two-step authentication is the process in which, to access an online service or account, we have to enter a second access code beyond our password. That adds an extra layer of protection, and it is highly recommended to avoid falling victim to intruders who access accounts.

Among the ways we can complete that second step, one of the most common is SMS. The service sends a code to our mobile, we enter it on the page, platform or service where we want to log in, and that's it. In this way we verify that it really is us.


However, many computer security experts do not consider this two-factor authentication method the most suitable. Many platforms are also using alternative methods for different reasons: in some cases for practicality, but in many others for security. There are other, more reliable alternatives to protect our accounts.

We are going to explain the main reasons that are pushing platforms to use other two-step authentication methods and leave SMS aside.

Reasons why SMS is not the best option to authenticate


One of the reasons is that sometimes the code does not arrive. This can occur for various reasons. The system may fail, so that the code we are supposed to receive never arrives. It can also happen that we are abroad and do not have the SIM connected at that time, for example. The code may even take longer to arrive than expected due to a failure or problem with the service. Normally we have a limited time to enter the code, and once that time passes it expires.
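The expiry behaviour described above, sketched from the platform's side as an added example that is not part of the original article. The class name, the 300-second window and the three-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 300  # assumed validity window; the article gives no figure
MAX_ATTEMPTS = 3        # assumed limit on wrong guesses per issued code


class SmsCodeVerifier:
    """Hypothetical server-side store for one-time SMS codes."""

    def __init__(self):
        self._pending = {}  # user -> [code, expires_at, attempts_left]

    def issue(self, user, now):
        # secrets (not random) so the 6-digit code is unpredictable
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # would be handed to the SMS gateway

    def verify(self, user, submitted, now):
        entry = self._pending.get(user)
        if entry is None:
            return "no_code"
        code, expires_at, _ = entry
        if now > expires_at:
            del self._pending[user]  # a late SMS yields a dead code
            return "expired"
        # constant-time comparison avoids leaking matching prefixes
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]  # single use: a replay finds nothing
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]  # stop guessing of the 10**6 code space
            return "locked"
        return "wrong"


def demo():
    v = SmsCodeVerifier()
    code = v.issue("alice", now=0)                 # constructed sample user
    on_time = v.verify("alice", code, now=60)
    replay = v.verify("alice", code, now=61)
    delayed = v.issue("alice", now=1000)           # SMS delivered too late
    late = v.verify("alice", delayed, now=1000 + CODE_TTL_SECONDS + 1)
    return on_time, replay, late
```

A short window limits how long an intercepted code is useful, but it is also what makes a delayed SMS fail for the legitimate user.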

But there are also purely security-related reasons. Although rare, SMS interceptions can occur. This is not cause for alarm and the rate is very small, but it has increased in recent times. Cybercriminals can hijack a phone number and thus intercept SMS messages. They would then have access to the two-step authentication codes sent by SMS and could compromise the security of our accounts.

Also, cost is an important factor. The platforms have to send us an SMS with the code, and this is repeated for every user, on many occasions even several times a day, depending on the service we use. This obviously comes at a cost. That price is borne by the platform or service, although indirectly it may also have an impact on the end user in some way. There are other authentication methods that have a lower economic cost.

On the other hand, there is user convenience. Surely we are familiar with having to enter codes received by SMS that are sometimes very long. It does not matter whether we have to enter it on the computer or on the mobile. It can be a hassle to enter many characters, with lowercase and uppercase letters, and we may get a character wrong along the way.


Not present on many platforms yet

Ultimately, two-factor authentication over SMS has its limitations. Experts say that little by little it will fade into the background. New methods of identifying ourselves will appear that do not require receiving a code by SMS.

It should also be mentioned that although two-factor authentication is increasingly present, there are still many platforms that do not use it. In fact, in a recent article we could see that only 8 of the 30 most important websites have this authentication system. Undoubtedly, the trend is upward and it is increasingly present, but it is still insufficient.

For now, what users can do is use passwords that are strong and complex. It is advisable to include letters (lowercase and uppercase), numbers and other characters. The password also has to be unique, and we should not include data that relates to us, for example our name, surname or date of birth. It is important that it is totally random and has a suitable length. In this way we can avoid possible intruders who could guess it or use computer tools to do so.

 
