So, you know when you get locked out of your favorite social media platform or from your email account and request a password reset via your email or your phone via SMS?
As it turns out, this is not that secure at all, opening you up to a host of potential threats you don't want to deal with in the long term. However, do not fret, researchers may have a solution for you.
It happens to everyone at some point. You may forget your password or simply want access to an old account so you request a password.
However, according to the Australian Cyber Security Centre common multi-factor authentication like SMS messages, emails or voice calls have been downgraded.
So Many Factors
For the uninitiated multi-factor authentication is the ultimate respawn tool for those who get locked out of accounts. When you create an account from anywhere from a bank to Instagram you are asked to provide information like your phone number, email, name, username etc.
The more information these institutions they have, the easier it is to access your information and protect you in case of a breach, in theory.
According to the Australian Cyber Security Centre, a criminal can hack you while you receive your “forgot your password” information by simply accessing the sent information from your phone or while using more advanced techniques like SIM swapping.
Now, they are not saying multi-factor authentication is bad, however, the Australian Cyber Security Centre argues that to properly protect yourself in this day and age it is crucial to pick the right methods and channels for multi-factor authentication.
The Right Multi-Factor Authentication Is Key
It does not take much for a criminal to impersonate you. With just a little bit of information, a hacker can gain access to your bank statements in minutes. The Australian Cyber Security Centre recommends using a combination of techniques to combat this.
Tools like a voiceprint system allow you to use your unique voice to speak passphrases passwords to get into accounts. Pairing this with other biometric tools alongside a physical banking card could help protect you in the long term.
Yes, it is potentially possible for hackers to gain access to sensitive information using your own biometric data, however, it is very difficult to gain all your biometric data.
Properly diversified multi-factor authentication with biometric tools and physical identifiers could end up saving you a ton of heartache.