Data Modification or Two-Factor Authentication: Which Is the Best
The electronic format holds all relevant information but sometimes that information can get into the wrong hands. Any coder knows data spoofing, data modification malware, as well as Trojans, and that enables them to steal a lot. It's no longer safe to use just a login and password because we tend to use the same password and login for different accounts and this is dangerous because if a hacker gains access to one important account he or she can get into another. In addition, it's not helpful to have a complex password because it's easy to forget and you usually have to keep it some place where it can easily be stolen.
The Only Reliable Protection Solution Is Two-Factor Authentication
In two-factor authentication, you first enter your login and password followed by entering a password you'll use only once. This is usually generated by a mobile app or a hardware token and can be received through an SMS message.
Also in two-factor authentication, if you have only one factor in danger, for example, your login and password, a token will generate a one-time password or OTP. OTPs are on a time scale so they are very hard to hack into or steal and no two OTPs are alike. To steal it you would have to know the secret key that's hidden in the token and in the server, so it's foolish to figure out any pattern in OTP creation.
Biometric authentication is not as good as two-factor authentication because it's more reliable because were you to lose a token, as opposed to your voice recording, you could easily replace and efficiently block it.
The Google Authenticator: The Most Popular Solution
Because Google Authenticator two-factor authentication is offered for free we decided to reveal some of the advantages and disadvantages of it.
- It has been tested with millions of authentications worldwide.
- It's completely free.
- It can customize independently its functionality and conform to the company’s requirements.
- It's an open source software application.
- All customizations and modifications will have to be made by you and you alone.
- There are no guarantees that there won't be any weaknesses in the application. You are responsible if the system gets compromised.
It's just a token, so you will want to implement a two-factor authentication and to do that you will need to have a server which you will have to create yourself. If you don't want anyone knowing the secret key, particularly outside your company, the authentication system would have to be on your servers. And that isn't cheap. Because there is no data signing feature the company is threatened constantly by Trojan fraud malware and data modification by hackers.
What Protection Can You Have Against Data Modification?
Data Modification is when they skip two-factor authentication and instead make a person transfer money to their account by manipulating the victim's browser. In short, they use deception. You log into your account and get a message that says money has been transferred to your account on accident and the account is locked until money is sent to the one who accidentally made the transfer. It seems real, that is until after you get the SMS message saying there is more money in your account. Only after your bank account is wiped out do you know fraud's been committed. A new function called CWYS, or data signing, can protect you from fraudsters.
Does CWYS. Data Signing, Protect You Against Data Modification?
CWYS means 'Confirm What You See' and the point of that is to have details about a monetary transaction in order to create a one-time-only password. You will be warned of a hacking attack when the one-time passwords created by the token and server are different since authentication won't be fulfilled.
The tokens use the OCRA algorithm (OATH Challenge-Response Algorithm for data signing), but the company Protectimus uses its SMART software token to allow its clients to choose the best algorithm while the data signing is used for any algorithm available. In using CWYS, you can create a greater sense of security since the CWYS works for other token types too. OCRA algorithm is great, too, but you'll want to cover your bases.
Image credit: imageenisa.europa.eu