Multi-factor authentication is becoming more ubiquitous, but some methods are more secure than others.

By now many of us already understand the dangers of poor-quality passwords, yet just in March, there was a $15 million ransom demand issued due to “password” being used as a password. To provide an additional layer of security, multi-factor authentication (MFA) has been brought in to mitigate the risks of static stored passwords.

SMS authentication, security questions, and mobile app authenticators are some types of MFA. However, even with these added layers, users can still be lulled into a false sense of security, as some types of MFA are not as safe as we thought.


Most of us are well aware of SMS authentication. Nearly every online or cloud-based solution, from Gmail to LinkedIn to banks, offers it as secondary protection: an SMS with a code is sent to the user’s phone, and the user must input the code before they can proceed and access their information.

There are numerous obvious benefits to this layer of protection. It is inexpensive: employees typically already possess a phone, so there is no need for the company to provide any extra hardware. Additionally, it is easy to implement, usually very user-friendly and intuitive, and it can be used regardless of whether the user has data, making it easily accessible to almost all users.

However, there are a number of downsides that users should be aware of. SMS 2FA can be vulnerable to SIM swapping (also called SIM hacking). The SIM card in your phone essentially tells your phone which wireless carrier to connect to, and what phone number to connect with. In a SIM swap/SIM hack attack, a threat actor impersonates you and convinces the carrier that they are, in fact, you, so that your phone number is moved to a SIM card they control.

Furthermore, keep in mind that most of the common wireless providers allow you to view text messages via your online account, within their web portal. If your account for the web portal itself isn’t protected with a second factor, and if you are using an easily guessed password which you use with many online accounts, a threat actor could monitor your account for an SMS OTP message that you initiated for a banking app, Facebook, etc, giving them access to those accounts.

Lastly, endpoint attacks use trojans: malware designed to intercept incoming SMS messages right on your phone and silently redirect them to attackers. SMS-intercepting trojans first appeared on Symbian and, today, these trojans are most common on Android devices, prompting Google to create a whole new way of managing access to the SMS inbox.

Your mother’s maiden name …

Another popular and low-cost security feature is the security question. By providing answers to personal questions, such as what your mother’s maiden name is, the name of your first pet or your favourite teacher, you provide a unique reference that only you know. This security solution is easy to set up and does not require any devices or smartphones.

However, many security question answers are easy to dig up. People can find information like your father’s middle name or the street you grew up on relatively easily online, especially with the ubiquitous use of social media.

It is also easy to accidentally divulge this sensitive information through social engineering, such as phishing emails or phone calls. It is also likely that the user has the same question and answer for multiple accounts as it is hard to remember multiple answers to multiple questions. This increases the vulnerability of such an approach.

Mobile app authenticator

Another means to secure online accounts is through the use of a separate mobile app authenticator. This does provide an additional layer of security, especially if biometrics are enabled: even if your phone is stolen, the push notification cannot be accepted by anyone else.

These OTPs are also not tied to your phone number – rather they are tied to your phone – and so they do not rely on your wireless carrier’s reliability or security. Lastly, they are low-cost – often free – and so easily accessible for most people and smaller companies.

However, an internet connection will still be required, which may limit its accessibility. Furthermore, the time-based login requirement can be hard for some people to use, and for others, push notifications are disabled, which can make using the app harder.

Lastly, there have been instances of hackers triggering multiple notifications, potentially causing the user to tap on the wrong one if he/she did not read the notification properly.
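The following is an added example, not part of the original article: one way a defender could spot the repeated-notification pattern described above in authentication logs. The log format, event names, window and threshold are all assumptions made for illustration, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 4                   # assumed number of prompts in the window that is abnormal

# Constructed sample log in a hypothetical format, not from a real system.
SAMPLE_LOG = """\
2022-09-30T09:00:00 user=alice event=push_sent
2022-09-30T09:00:08 user=alice event=push_approved
2022-09-30T10:00:00 user=bob event=push_sent
2022-09-30T10:00:40 user=bob event=push_denied
2022-09-30T10:01:10 user=bob event=push_sent
2022-09-30T10:01:50 user=bob event=push_sent
2022-09-30T10:02:30 user=bob event=push_sent
2022-09-30T10:02:41 user=bob event=push_approved
"""


def parse(line):
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), fields["user"], fields["event"]


def detect_push_bursts(log_text):
    """Return (user, time, prompts_in_window, verdict) for suspicious bursts."""
    recent = defaultdict(deque)   # user -> timestamps of prompts inside WINDOW
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, user, event = parse(line)
        prompts = recent[user]
        while prompts and when - prompts[0] > WINDOW:
            prompts.popleft()
        if event == "push_sent":
            prompts.append(when)
            if len(prompts) == THRESHOLD:
                alerts.append((user, when, len(prompts), "burst"))
        elif event == "push_approved":
            if len(prompts) >= THRESHOLD:
                alerts.append((user, when, len(prompts), "approved_after_burst"))
            prompts.clear()
    return alerts
```

An approval that arrives right after a burst is the case worth escalating, since it may mean the user tapped a prompt they did not initiate.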

Ultimately, there are pros and cons to every security measure, and we are in a constant trade-off between good cybersecurity and ease of use. For busy employees and entrepreneurs, the thought of having to input codes, personal answers, etc., every time they log into their e-mail account is a non-starter.

Basic cyber hygiene is possible, though, and this means good quality passwords that are changed on a regular basis. It also means that employees should be kept up to date on the latest tricks and tools hackers employ, from phishing to SIM swapping. With more knowledge comes a better ability to avoid cyberattacks.

Joey Lim is the Country Manager, Singapore at Exclusive Networks. Joey Lim graduated from the University of London (SIM) with a Bachelor of Science in Management, First Class Honors with silver award.  With over 20 years of IT and sales excellence experience, she has effectively streamlined sales team structure; drove transformation and profitable growth; demonstrated a proven track record in maintaining high potential talent retention, nurtured and developed the next level leadership team.

Joey joined Exclusive Networks in 2020 as the Country Manager for Singapore. Prior to joining Exclusive Networks, she worked in Reseller, Vendor & Distribution organisations.

TechNode Global INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
