As you all know that the reason why we have been saved and the hacking days are beyond us is because of this one addition to the security system; the two-factor authentication system.
Whenever someone tries to sneak into our accounts we are automatically informed, even when we try to sign in from a new device/location, it stops us as well. You have no idea how many times I have been saved just because of this.
It is not only used on social media sites but banks and other places have integrated it well in their security systems. It has been the safest option to use when it comes to crypto wallets as well.
But recently, according to Kevin Mitnik, who was once the FBI’s most wanted hacker and now helps companies defend themselves, found out that this system is no silver bullet; it is susceptible to hacks.
Mitnik has found out how the vulnerability can be attacked by a something that was posted online recently.The tool to actually pull these attacks off has been made public. So any 13-year-old could download the tool and actually carry out these attacks,” he said.
The attack is so easy to pull off. The attack begins when the cybercriminal lures the victim by sending them a link through an email. Once the user clicks on the link is when the real trouble begins.
After clicking, the user is directed to log into the website. Secretly, the login goes through the hacker’s server and they are able to get a session cookie. Now the cookie helps you act as the real user and hence we don’t need the username, password, or their two-factor.
o now that there is a way for people to sneak into your accounts, how secure does it make our crypto wallets/accounts? How safe are we from this?
Well, there are two ways; one comes with a price and the other is free.
The first one is that companies are now coming up with tools like security keys. So instead of you receiving the code on your phone, you will have to plug in the security key. It contains a hardware chip and can be the additional factor needed to log in to your account. Even Google released one and they are calling it Titan Security Key.The security key stores its own password and requires the site to prove it’s legit before releasing the password and getting you signed in,” said Mark Risher, Google’s director of product management for security and privacy.
While the other one is to be careful. I know this was already a given but make sure you don’t click on any link that doesn’t look familiar. Also, one thing to look out for is the link name, they often use a similar name with only a slight change that you wouldn’t be able to notice at the first glance.
There is no other way of guarding your digital money but by being careful and that doesn’t even cost you anything, except your money in this case if you are NOT CAREFUL!!!