
CertiK says SMS is the 'most vulnerable' form of 2FA in use. | Crypto Fight


The level of security provided by SMS pales in comparison to authenticators or physical security keys, CertiK's Jesse Leclere says in an interview.

Using SMS as a form of two-factor authentication has always been popular among crypto enthusiasts. After all, many users are already trading their cryptos or managing social pages on their phones, so why not simply use SMS to verify when accessing sensitive financial content?

Unfortunately, con artists have lately caught on to exploiting the wealth buried under this layer of security via SIM-swapping, or the process of rerouting a person's SIM card to a phone that is in possession of a hacker. In many jurisdictions worldwide, telecom employees won't ask for government ID, facial identification, or social security numbers to handle a simple porting request.

Combined with a quick search for publicly available personal information (quite common for Web3 stakeholders) and easy-to-guess recovery questions, impersonators can quickly port an account's SMS 2FA to their phone and begin using it for nefarious means. Earlier this year, many crypto YouTubers fell victim to a SIM-swap attack in which hackers posted scam videos on their channels with text directing viewers to send money to the hacker's wallet. In June, Solana nonfungible token (NFT) project Duppies had its official Twitter account breached via a SIM swap, with hackers tweeting links to a fake stealth mint.

In regard to this matter, Cointelegraph spoke with CertiK's security expert Jesse Leclere. Known as a leader in the blockchain security space, CertiK has helped over 3,600 projects secure $360 billion worth of digital assets and detected over 66,000 vulnerabilities since 2018. Here's what Leclere had to say:

"SMS 2FA is better than nothing, but it is the most vulnerable form of 2FA currently in use. Its appeal comes from its ease of use: Most people are either on their phone or have it close at hand when they're logging in to online platforms. But its vulnerability to SIM card swaps cannot be underestimated."

Leclere explained that dedicated authenticator apps, such as Google Authenticator, Authy or Duo, offer nearly all the convenience of SMS 2FA while removing the risk of SIM-swapping.