Don’t Want to Use Two Factor Authentication? You Might Want to Rethink that Decision

So you think two factor authentication is a pain?

Well it can be.

But let me suggest that skipping it can be a really bad idea, and here is why.

Hackers are using two factor to BLOCK your ability to recover your account if it is hacked. This is already happening.

Here is how it works.

Hackers compromise an account. That could be done via password stuffing or any number of other methods.

Then the hackers turn on multifactor authentication and point that to a phone or email the hackers control.

Once you realize that your account has been compromised, you contact the provider. The web site says they will send a proof of ownership code to the phone or email registered to the account, which is now in the hands of the hacker.
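Seen from the provider's side, the sequence above leaves a recognizable trail: a login from a device the account has never used, followed shortly by a new second-factor enrollment. The sketch below is an added example, not code from this post or from any real service; the event names, field names and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events; field and event names are hypothetical.
EVENTS = [
    {"ts": "2022-03-01T09:00:00", "account": "alice", "event": "login_success", "device": "dev-A"},
    {"ts": "2022-03-02T09:05:00", "account": "alice", "event": "login_success", "device": "dev-A"},
    {"ts": "2022-03-02T09:10:00", "account": "alice", "event": "mfa_enrolled", "device": "dev-A"},
    {"ts": "2022-03-03T02:14:00", "account": "bob", "event": "login_success", "device": "dev-B"},
    {"ts": "2022-03-05T03:40:00", "account": "bob", "event": "login_success", "device": "dev-X"},
    {"ts": "2022-03-05T03:42:00", "account": "bob", "event": "mfa_enrolled", "device": "dev-X"},
]


def flag_suspicious_mfa_enrollment(events, window=timedelta(hours=1)):
    """Return (account, timestamp, device) for each MFA enrollment made from a
    device that first logged in to that account less than `window` earlier."""
    known = {}       # account -> devices seen in earlier successful logins
    new_logins = {}  # (account, device) -> time that device first logged in
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as plain strings.
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        acct, dev = e["account"], e["device"]
        if e["event"] == "login_success":
            devices = known.setdefault(acct, set())
            # The very first device on an account is the baseline, not "new".
            if devices and dev not in devices:
                new_logins[(acct, dev)] = ts
            devices.add(dev)
        elif e["event"] == "mfa_enrolled":
            first_seen = new_logins.get((acct, dev))
            if first_seen is not None and ts - first_seen <= window:
                alerts.append((acct, e["ts"], dev))
    return alerts


if __name__ == "__main__":
    for account, when, device in flag_suspicious_mfa_enrollment(EVENTS):
        print(f"review: {account} enrolled MFA at {when} from new device {device}")
```

A service that raises this flag can hold the enrollment and notify the contact details that were on file before the change.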

At least some sites are saying tough luck. You are welcome to create a new account, but of course you will lose all your data. In the meantime, if the hacker wants to extort you, they can put whatever THEY want on, say, what used to be your social media account, and there isn’t much that you can do. That could be any sort of nasty, reputation-damaging stuff, and you have no way to tell visitors that it isn’t you.

You can sue the web site in court. Good luck with that one. In 2022.

In one case we just heard about, the hacker used a stolen Xbox account to buy games with the former owner’s credit card. You can, of course, cancel the card if you think of it, but that is a pain.

Some sites will allow you to regain control. It may require that you send them copies of your identity documents, assuming that the hacker didn’t change that information on your account after it was hacked. The process can take a week or more. Depending on what the account is used for, that delay could be a problem in and of itself.

Bottom line – reconsider whether two factor authentication is really that much of a bother. Consider the alternative.

Credit: Brian Krebs

