Data Modification or Two-Factor Authentication: Which Is the Best

Data Modification

The electronic format holds all relevant information but sometimes that information can get into the wrong hands. Any coder knows data spoofing, data modification malware, as well as Trojans, and that enables them to steal a lot. It's no longer safe to use just a login and password because we tend to use the same password and login for different accounts and this is dangerous because if a hacker gains access to one important account he or she can get into another. In addition, it's not helpful to have a complex password because it's easy to forget and you usually have to keep it some place where it can easily be stolen.

The Only Reliable Protection Solution Is Two-Factor Authentication

In two-factor authentication, you first enter your login and password followed by entering a password you'll use only once. This is usually generated by a mobile app or a hardware token and can be received through an SMS message.

Also in two-factor authentication, if you have only one factor in danger, for example, your login and password, a token will generate a one-time password or OTP. OTPs are on a time scale so they are very hard to hack into or steal and no two OTPs are alike. To steal it you would have to know the secret key that's hidden in the token and in the server, so it's foolish to figure out any pattern in OTP creation.

Biometric authentication is not as good as two-factor authentication because it's more reliable because were you to lose a token, as opposed to your voice recording, you could easily replace and efficiently block it.

The Google Authenticator: The Most Popular Solution

Because Google Authenticator two-factor authentication is offered for free we decided to reveal some of the advantages and disadvantages of it.


  • It has been tested with millions of authentications worldwide.
  • It's completely free.
  • It can customize independently its functionality and conform to the company’s requirements.
  • It's an open source software application.


  • All customizations and modifications will have to be made by you and you alone.
  • There are no guarantees that there won't be any weaknesses in the application. You are responsible if the system gets compromised.

It's just a token, so you will want to implement a two-factor authentication and to do that you will need to have a server which you will have to create yourself. If you don't want anyone knowing the secret key, particularly outside your company, the authentication system would have to be on your servers. And that isn't cheap. Because there is no data signing feature the company is threatened constantly by Trojan fraud malware and data modification by hackers.

What Protection Can You Have Against Data Modification?

Data Modification is when they skip two-factor authentication and instead make a person transfer money to their account by manipulating the victim's browser. In short, they use deception. You log into your account and get a message that says money has been transferred to your account on accident and the account is locked until money is sent to the one who accidentally made the transfer. It seems real, that is until after you get the SMS message saying there is more money in your account. Only after your bank account is wiped out do you know fraud's been committed. A new function called CWYS, or data signing, can protect you from fraudsters.

Does CWYS. Data Signing, Protect You Against Data Modification?

CWYS means 'Confirm What You See' and the point of that is to have details about a monetary transaction in order to create a one-time-only password. You will be warned of a hacking attack when the one-time passwords created by the token and server are different since authentication won't be fulfilled.

The tokens use the OCRA algorithm (OATH Challenge-Response Algorithm for data signing), but the company Protectimus uses its SMART software token to allow its clients to choose the best algorithm while the data signing is used for any algorithm available. In using CWYS, you can create a greater sense of security since the CWYS works for other token types too. OCRA algorithm is great, too, but you'll want to cover your bases.

Image credit: imageenisa.europa.eu

Recommended Posts | Data Loss Prevention

The Worst Malware Viruses

Malware: The Worst Malware Viruses that Infect Desktop Computers

When your computer is infected with Malware it can damage and disable your operating systems and programs. Certain types of malware are easier to detect and isolate. But, there are a few different types of malware that are sophisticated and virtually impossible to detect or destroy ...
Beyond the Firewall

Beyond the Firewall: A Journal on Security & Vulnerability Management

As internet marketing continuously evolves into a big business, network resources and web threats increase. Cyber crime escalates quickly and attacks become worse. The challenge lies on building a defense of cloud-based strategy. But the idea of securing information behind a firewall is not enough ...
Using Free Undelete Software for Recovering Files

The Benefits of Using Free Undelete Software for Recovering Files

There are occasions when we all lose files through accidentally deleting them, and attempting to recover them can be a time-consuming. Free Undelete v2.1, is a file recovery tool which allows users to undelete files from both internal and external hard drives, flash drives, memory cards and other ...
Prevent Data Loss from a Virus

How to Prevent Data Loss from a Virus

Data loss is a devastating event! People could have prevented this if they only knew what to look for. The number one cause of data loss comes from viruses infecting computer and destroying data. When a virus infects computer, it gives you different warning signs. Here are 10 Common Warning Signs ...