Facebook
Name
Email
Phone
Message

Data Modification or Two-Factor Authentication: Which Is the Best

Data Modification

The electronic format holds all relevant information but sometimes that information can get into the wrong hands. Any coder knows data spoofing, data modification malware, as well as Trojans, and that enables them to steal a lot. It's no longer safe to use just a login and password because we tend to use the same password and login for different accounts and this is dangerous because if a hacker gains access to one important account he or she can get into another. In addition, it's not helpful to have a complex password because it's easy to forget and you usually have to keep it some place where it can easily be stolen.

The Only Reliable Protection Solution Is Two-Factor Authentication

In two-factor authentication, you first enter your login and password followed by entering a password you'll use only once. This is usually generated by a mobile app or a hardware token and can be received through an SMS message.

Also in two-factor authentication, if you have only one factor in danger, for example, your login and password, a token will generate a one-time password or OTP. OTPs are on a time scale so they are very hard to hack into or steal and no two OTPs are alike. To steal it you would have to know the secret key that's hidden in the token and in the server, so it's foolish to figure out any pattern in OTP creation.

Biometric authentication is not as good as two-factor authentication because it's more reliable because were you to lose a token, as opposed to your voice recording, you could easily replace and efficiently block it.

The Google Authenticator: The Most Popular Solution

Because Google Authenticator two-factor authentication is offered for free we decided to reveal some of the advantages and disadvantages of it.

Advantages

  • It has been tested with millions of authentications worldwide.
  • It's completely free.
  • It can customize independently its functionality and conform to the company’s requirements.
  • It's an open source software application.

Disadvantages

  • All customizations and modifications will have to be made by you and you alone.
  • There are no guarantees that there won't be any weaknesses in the application. You are responsible if the system gets compromised.

It's just a token, so you will want to implement a two-factor authentication and to do that you will need to have a server which you will have to create yourself. If you don't want anyone knowing the secret key, particularly outside your company, the authentication system would have to be on your servers. And that isn't cheap. Because there is no data signing feature the company is threatened constantly by Trojan fraud malware and data modification by hackers.

What Protection Can You Have Against Data Modification?

Data Modification is when they skip two-factor authentication and instead make a person transfer money to their account by manipulating the victim's browser. In short, they use deception. You log into your account and get a message that says money has been transferred to your account on accident and the account is locked until money is sent to the one who accidentally made the transfer. It seems real, that is until after you get the SMS message saying there is more money in your account. Only after your bank account is wiped out do you know fraud's been committed. A new function called CWYS, or data signing, can protect you from fraudsters.

Does CWYS. Data Signing, Protect You Against Data Modification?

CWYS means 'Confirm What You See' and the point of that is to have details about a monetary transaction in order to create a one-time-only password. You will be warned of a hacking attack when the one-time passwords created by the token and server are different since authentication won't be fulfilled.

The tokens use the OCRA algorithm (OATH Challenge-Response Algorithm for data signing), but the company Protectimus uses its SMART software token to allow its clients to choose the best algorithm while the data signing is used for any algorithm available. In using CWYS, you can create a greater sense of security since the CWYS works for other token types too. OCRA algorithm is great, too, but you'll want to cover your bases.


Image credit: imageenisa.europa.eu

Recommended Posts | Data Loss Prevention

Prevent Data Loss Using Different Drives
1071

Prevent Data Loss Using Different Drives

Although data loss affects all computer users, it is a particular problem for those of us who use word processing software. It is the most frustrating thing in the world to lose documents of importance which you have spent a lot of time in creating, especially if you are the same as most computer ...
Data Loss Prevention Issues
2675

The Issues in Data Loss Prevention

The main objective of data loss prevention or data leak prevention is to ensure that users don't send sensitive information to persons who are outside the network. This term is commonly used to refer to administrative control software products [DLP] which help in keeping tabs on what users can send ...
Hacker’s Have Your Data Now What
1870

Hacker’s Have Your Data Now What?

In the past few weeks we have seen a rise in hacker's activities on businesses, social media account, and Internet file storage or cloud storage services. Hackers have recently changed their targets from stealing credit card information to stealing celebrity nudes, 200.000 Snapchat photos ...
CRM Data Under Threat
1941

CRM Data Under Threat! A Few Tips For Using CRM Correctly

Customer Relationship Management (CRM) is a process by which businesses can store their customers’ contact information, sales and credit card accounts in one central location. This system is important especially for a new or fast-growing business because it revolves around people and relationships ...