According to security experts on stage at RSA in late February 2020, two-factor authentication and biometric passwords as we know them have their defects.
- With 2FA, “A clever attacker could potentially infect your phone with a Remote Access Trojan that would allow them to view or even intercept SMS verification codes sent to your device.”
- Alternatively, a hacker could create a phishing page to lure users into entering a single-use code, like those generated by Google Authenticator.
- Another means of intercepting SMS messages is SIM swapping, a tactic that requires cajoling unsuspecting mobile carriers into transferring a victim’s wireless number to a device that the bad actor controls.
- Given the weaknesses of standard forms of 2FA, individuals in need of advanced authentication practices may wish to migrate towards hardware security keys, although an arguably more secure access method is just emerging.
The executive director of the FIDO Alliance, an industry consortium, believes that “Within the next five years, every major consumer internet service will have a passwords alternative,” meaning no more long sequences of random numbers and letters, or 2FA.
A major advantage of FIDO is that it only functions in conjunction with legitimate websites, rendering phishing attacks impossible. FIDO promises to be easy to implement, easy to use, and nearly hassle-free.
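An added example, not from the article or the FIDO Alliance, of the relying-party checks behind that claim: a WebAuthn assertion carries the origin the browser saw and a hash of the RP ID, so a response collected on a look-alike page fails verification. The origin, RP ID, challenge and function names are assumptions, and the sample assertions are constructed.

```python
import base64
import hashlib
import json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
RP_ID = "example.com"                          # assumed relying-party ID
CHALLENGE = bytes(range(32))  # constructed; a real server uses os.urandom(32)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_assertion(origin, rp_id, challenge):
    """Constructed sample of the two structures returned for a login on `origin`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data

def check_binding(client_data_json, auth_data, issued_challenge):
    """Checks that tie an assertion to this site and this login attempt.

    Verifying the signature over auth_data || SHA-256(client_data_json) is a
    separate, mandatory step that this example does not show.
    """
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client.get("challenge") != b64url(issued_challenge):
        return False, "challenge mismatch"
    if client.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"
    if len(auth_data) < 37:
        return False, "authenticator data too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "ok"

def demo():
    genuine = build_assertion(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
    # Constructed look-alike case: the browser records the page's real origin,
    # and the RP ID hash is that of the look-alike domain.
    lookalike = build_assertion("https://login.examp1e.com", "examp1e.com", CHALLENGE)
    return check_binding(*genuine, CHALLENGE), check_binding(*lookalike, CHALLENGE)

if __name__ == "__main__":
    print(demo())
```

A one-time code has no equivalent of these fields, which is why a code typed into a phishing page can be replayed on the real site.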
For more information on how FIDO works, and what it can do, visit CNET.com.