BitDefender, dual authentication and SMS
According to the computer security company BitDefender, internet users should avoid using dual-factor authentication through SMS at all costs.
This warning follows the rapid rise of a hacking technique that is currently in vogue. Although its position on the subject was clear, BitDefender later had to retract it, advising users to enable this form of dual authentication rather than have none at all.
As we all know, the two basic pieces of security advice for going online, especially on platforms with unique login credentials, are to enable dual authentication and to choose a fairly strong password. Dual authentication is also known as strong authentication or dual-factor authentication; the difference is only one of wording. On the majority of digital platforms, from social networks to online banking and financial institutions to professional sites, dual authentication is available and in some cases even mandatory. This is a plus for user protection because, in addition to the password, the second step is considerably more difficult to get around.
But dual authentication, like the majority of computing methods, has its shortcomings. This is where BitDefender, a leader in IT security solutions, openly expressed its disapproval of using SMS for dual authentication. Not everyone was pleased, however. The cybersecurity firm had written in a blog post on January 15th that two-factor authentication via SMS should be avoided at all costs.
In a sense, it can be said that two-factor authentication as it exists today is not really safe. This is partly due to the explosion of the hacking method called "SIM swapping", the same method that was used to hack the Twitter account of that social network's founder. In practice, SIM swapping diverts a person's phone number to another SIM card by deceiving the mobile network operator. It is a simple method, and it is effective because it works. So if hackers can gain access to the contents of your SIM card, your SMS messages, including dual authentication confirmation codes, are also at their mercy.
From this point of view, one can understand the cybersecurity company's hostility with regard to dual authentication. However, the radical stance it took in its blog post naturally provoked opposition. The company explained itself by pointing out that the blog post was aimed exclusively at the American case. BitDefender believes that in Uncle Sam's country, mobile phone operators are mostly "vulnerable to SIM swapping attacks and do not have adequate procedures to combat hackers." However, on January 21, the cybersecurity company made amends with this statement on Twitter:
"The wording of the article about dual authentication and SMS was wrong. Full stop. As a security company, we strongly encourage everyone to use dual authentication whenever possible, while noting that some dual authentication mechanisms are safer than others and that there are, indeed, attacks targeting SMS-based dual authentication."