Data Modification or Two-Factor Authentication: Which Is the Best

Data Modification

The electronic format holds all relevant information but sometimes that information can get into the wrong hands. Any coder knows data spoofing, data modification malware, as well as Trojans, and that enables them to steal a lot. It's no longer safe to use just a login and password because we tend to use the same password and login for different accounts and this is dangerous because if a hacker gains access to one important account he or she can get into another. In addition, it's not helpful to have a complex password because it's easy to forget and you usually have to keep it some place where it can easily be stolen.

The Only Reliable Protection Solution Is Two-Factor Authentication

In two-factor authentication, you first enter your login and password followed by entering a password you'll use only once. This is usually generated by a mobile app or a hardware token and can be received through an SMS message.

Also in two-factor authentication, if you have only one factor in danger, for example, your login and password, a token will generate a one-time password or OTP. OTPs are on a time scale so they are very hard to hack into or steal and no two OTPs are alike. To steal it you would have to know the secret key that's hidden in the token and in the server, so it's foolish to figure out any pattern in OTP creation.

Biometric authentication is not as good as two-factor authentication because it's more reliable because were you to lose a token, as opposed to your voice recording, you could easily replace and efficiently block it.

The Google Authenticator: The Most Popular Solution

Because Google Authenticator two-factor authentication is offered for free we decided to reveal some of the advantages and disadvantages of it.


  • It has been tested with millions of authentications worldwide.
  • It's completely free.
  • It can customize independently its functionality and conform to the company’s requirements.
  • It's an open source software application.


  • All customizations and modifications will have to be made by you and you alone.
  • There are no guarantees that there won't be any weaknesses in the application. You are responsible if the system gets compromised.

It's just a token, so you will want to implement a two-factor authentication and to do that you will need to have a server which you will have to create yourself. If you don't want anyone knowing the secret key, particularly outside your company, the authentication system would have to be on your servers. And that isn't cheap. Because there is no data signing feature the company is threatened constantly by Trojan fraud malware and data modification by hackers.

What Protection Can You Have Against Data Modification?

Data Modification is when they skip two-factor authentication and instead make a person transfer money to their account by manipulating the victim's browser. In short, they use deception. You log into your account and get a message that says money has been transferred to your account on accident and the account is locked until money is sent to the one who accidentally made the transfer. It seems real, that is until after you get the SMS message saying there is more money in your account. Only after your bank account is wiped out do you know fraud's been committed. A new function called CWYS, or data signing, can protect you from fraudsters.

Does CWYS. Data Signing, Protect You Against Data Modification?

CWYS means 'Confirm What You See' and the point of that is to have details about a monetary transaction in order to create a one-time-only password. You will be warned of a hacking attack when the one-time passwords created by the token and server are different since authentication won't be fulfilled.

The tokens use the OCRA algorithm (OATH Challenge-Response Algorithm for data signing), but the company Protectimus uses its SMART software token to allow its clients to choose the best algorithm while the data signing is used for any algorithm available. In using CWYS, you can create a greater sense of security since the CWYS works for other token types too. OCRA algorithm is great, too, but you'll want to cover your bases.

Image credit: imageenisa.europa.eu

Recommended Posts | Data Loss Prevention

Corporate Phishing

9 Top Tips to Prevent Corporate Phishing Attacks

It's vital to recognise the role their staff play in the security of information. Employees are in possession of the credentials (passwords, ID documents, security clearances) and general knowledge which is of utmost importance to anyone trying to breach the company’s security and gain information ...
 Hard Drive to Prevent Data Loss

How to Sanitize Your Hard Drive to Prevent Data Loss

Important information remains on hard drive after it has been deleted. Emptying the recycle bin only erases the visible document. Unfortunately, MS Word creates and stores 4 copies of each document on hard drive. When one document is deleted a data recovery program can still recover the document ...
Avoid Identity Theft by Securing Your Passwords

Avoid Identity Theft By Securing All Your Passwords

When creating your passwords are you making yourself a target for identity theft? Many people have social media, email, banking, and PayPal account hacked because of their choice of passwords. The stories are all too common. How can this happen? Hackers to get simple access to your computer ...
Data Recovery Guide

Data Recovery Guide: How To Do It?

With thunderstorms, power surges, viruses, natural disasters, human errors, and hackers the risks are almost always actual. To be in the safe side, you will want to back up your files and keep carrying it out on a regular basis. A software begins to behave funny as well as if you're employing PC ...