Keep the hackers away, use multifactor authentication » Manila Bulletin Technology

As diverse as technology gets, hackers are becoming more creative and resourceful. Take, for instance, accessing free public wifi that captures your Facebook login information. While you’re relishing the free internet connection, you’ve actually given hackers a free pass by giving your own credentials. (We’ve tested this to be highly possible using a configured Raspberry Pi at one of our lab experiments at Manila Bulletin.) Or imagine getting your mobile phone stolen, hackers can easily extract your saved passwords from your stored cookies.

Just like what happened to me a few weeks ago when two armed men broke into my apartment and stole my laptop and mobile phone. Just days later, they are attempting to log in to my Facebook account. Fortunately for me, I’ve set up my login to use Multifactor authentication through a Hardware Authenticating Device. Sounds complicated? Let me help break it down for you:

If you’ve been using financial apps, you’ve probably used OTP or One-Time Password to login and make transactions online. OTP is simply a unique code that is generated and can only be used once during login or when performing transactions such as making a bank transfer, withdrawals, or bills payment. It’s an additional security layer to make sure that you are authorized to perform such tasks on your online account.

Making it quite impossible for anyone to hack into your account event if they have your login information. Your OTP can be set up using your mobile phone by sending you a code, or you can use any Hardware Authenticating Device. The price for such a device can go anywhere from Php1,000 to Php 5,000 from your favorite computer or electronics store. Its features can also range from simple authentication to fingerprint or NFC added capabilities.

For me, the Hardware Authenticating Device is a much safer way to access your online account using OTP. It might be more convenient to set up an OTP via SMS messaging to access your online account but it’s also not safe. OTP can now be accessed by hackers using the mobile network, or can now be intercepted using a malicious application. There are security features for our online accounts that we believe are safe, but hackers nowadays are becoming savvier in trying to access our online accounts. There is still a lot we don’t know about the vulnerabilities of the net or the apps that we use. The more advanced we become in adding security features, the more advanced hackers become in trying to bypass those “advanced” security features. So is it worth the extra money for a piece of hardware? Well, it will all come down to how secure you want your online accounts to be.

To help you get a head start on these really cool Hardware Authenticating Devices, I’ve listed below some of the highly recommended brands that you can look into:

Yubikey

Yubikey by Yubico is the most popular among the three. It’s used by many big companies to add security layers to their employees’ computing devices. It can perform two-factor, multi-factor, or passwordless authentication.

Thetis FIDO U2F Security Key

A USB personal encryption device. It adds a layer of security encryption by the usual USB port. It can be used in many web services such as Google, Facebook, Dropbox, and other web services that have U2F.

Titan Security Key

Is a two-factor authentication devices made by Google. It uses the FIDO standards to verify and challenge clients for verification. It is also made with a chip that can tell whether it has tampered or not.

It’s a small investment compared to paying a price in having your online accounts hacked, most especially your bank accounts. Getting a Hardware Authenticating Device is a lot like having multiple locks on your front door. Buying it is just a matter of how safe or vulnerable you’d like your online information to be. But as for me, I go as the old adage goes, “better safe than sorry.”

Tags: cybersecurity

Comments are closed.