Skip to content

Stop Account Takeover Using Two Factor Authentication

May 23, 2019

Telesign Team

Do you want to do something terrifying? Ok. Click here to find out if your passwords are floating around on the internet.They probably are. Mine are. Thanks to major security breaches by both Ticketfly and Coachella my personal email address and the passwords I used for those accounts are all over the internet, waiting for someone to hack in and…buy concert tickets? Maybe I should see less live music.

Pwn’d

Fortunately for me, those are two relatively minor websites that I used a couple times. One of the companies doesn’t exist anymore. However, for someone with poor security hygiene it could be a massive problem. For the 59% of people that use the same password for everything? This is bad news. It doesn’t matter where their data leaks from, it’s out there and fraudsters will try to squeeze as much value as possible out of that email and password. If my defunct Ticketfly credentials for example were the same as my Amazon…I could be in a world of hurt. Fortunately, the most basic security measures can block this attack 100% of the time. Turn on 2FA. That’s it.

2FA

Google’s security blog put out data this week that shows that 2FA is the best defense against most account hacks. Simple SMS based 2FA can prevent 100% of account takeover attacks coming from automated bots and was up to 27% more effective when compared to a knowledge-based challenge. That’s pretty compelling data! Furthermore, an SMS code was 96% effective at shutting down phishing attacks and 76% more likely to shut down a targeted attack, something that only one in a million users will face.Without being too dramatic, it seems like security malpractice if any platform dealing with the flow of commerce sees those statistics yet still refuses to turn on 2FA.At Telesign we think it is important to protect your users and with multi-factor authentication it’s easy. By simply turning it on, we can prevent most account takeovers. But our love of security doesn’t stop there. We believe in a wholistic mobile identity solution that involves data too!

Identify phone or SIM takeovers before sending SMS

Along with SMS authentication, brands should check if the phone number had a recent lifecycle change (ported, swapped or recycled) in the past few days. This is a good practice along with sending SMS or voice calls that can prevent diabolical SIM Swap or Porting attacks, like this poor guy who lost six figures in his sleep. Fraudsters can be tricky. Trust Telesign to act as your security blanket and protect you and your users while you are at your most vulnerable, it’s a simple solution to a complex problem. As for me and my future concert going experiences, there is hope! We’ve already seen certain companies unveiling new identity and engagement solutions that allow music fans a safe and rewarding experience. Perhaps my days of rock and roll aren’t quite over yet. To learn more about 2FA and how Telesign provides a full mobile identity experience click here.

This site is registered on wpml.org as a development site.