Two factor authentication has been touted as the solution to account security woes globally. It turns out that’s not completely true and, as with everything, the devil is in the details. Hackers are skillful, and it’s been shown time and time again that SMS-based two factor authentication can be intercepted and tampered with. This leads to hacked accounts, drained bank accounts, and worse.
So, What’s Wrong with Two Factor Authentication?
- Relies on a secondary device to log in, and the codes sent via SMS are not difficult to intercept
- Allows hackers to gain control of the authentication process if they have access to the account holder’s phone number
- Makes account holders targets for phishing and social engineering attacks
- Vulnerable to domino effect: if an individual’s account is hacked on one site, hackers can use their mobile account information to get into other accounts that also use SMS-based two factor authentication
- SS7 is unsafe: using an account holder’s phone number and an SS7 network, hackers drained German bank accounts by rerouting mobile transaction authentication numbers the account holders needed to transfer money out of their accounts
Another problem with two factor authentication, beyond the major security concerns, is the amount of friction created for consumers. We have all been trying to quickly log into one of our accounts and been frustrated that we have to get our phones and type out the number messaged to us in order to gain access. This process adds time and effort that creates an annoying experience for all consumers.
With account hacks more common than ever, how can account holders keep their information safe? Ars Technica suggests taking it a step above SMS and requiring “a cryptographic token sent by a security key attached to a device logging in.” But can token-based authentication really provide the level of security consumers and businesses alike need? In order to properly secure accounts, companies must offer options for second factor authentication that can’t be easily compromised.
How Can Ultrasonic Data Transmission Help?
Here at LISNR we are tackling two factor authentication challenges with the help of our proprietary ultrasonic tones that build in an added layer of security due to proximity requirements. We have developed a platform and protocol that redefine the two factor authentication user experience and ensure the right person is authenticating their account. Instead of relying on unpleasant manual entry of a one-time password (OTP) via SMS, we allow one-step authorization within a brand’s app.
Here’s what a LISNR-enabled two factor authentication method provides:
- Frictionless authentication, self-contained in the app or between app and website, so consumers need to do nothing more than use the app and pre-existing device biometrics
- Increased security via device proximity confirmation and pre-existing device biometrics and security measures
- Improved user experience, as consumers can complete the entire transaction, whether online or offline, using their mobile device
Closing Thoughts
While the ultimate goal of two factor authentication is to make accounts more secure, the methods companies provide to consumers have security and usability flaws. It’s time to do away with SMS-based OTPs in favor of inaudible authentication tones that are one-time use only and cannot be intercepted.
Want to learn more about how to offer the safest form of two factor authentication? Get in touch to connect with our team to explore how ultrasonic data transmission can help your business.