Page 36 - Cyber Warnings







And thus, 2 Step Authentication using a PIN and an ATM card is, in fact, considered to be a
widely successful authentication process.

Recently, many online accounts, such as Gmail, have also started asking for two types of
credentials from the user. Usually, a password along with a One Time Password is used as the
two credentials. We call this 2 Step Verification.

From a security perspective, 2 Step Verification cannot be considered as safe as 2 Step
Authentication. To give a simple example, a hacker can obtain the password of a user using
various malicious methods and, at the same time, use attacks like a Man-In-The-Middle
Attack to steal the One Time Password coming to the user's mobile.

One Time Passwords normally come to a mobile using an SMS or an automated phone call to
the mobile. So, an attacker can intercept the SMS or phone call by using various nefarious
methods and steal both the credentials.

One Time Passwords sent over email are not secure enough either, for similar reasons.

So, though a mobile phone is considered to be something that the user possesses, the One
Time Password received on it is something that can be learned by the attacker without physically
stealing the device. Hence, 2 Step Verification is not the same as 2 Step Authentication.


And as discussed above, in terms of security, 2 Step Authentication is much more secure than 2
Step Verification.



About the Author

Amrita Mitra is a Cyber Security Researcher and an enthusiast of
Mathematics. Her research includes recent threats and their defenses and
detection of various cyber attacks. She also enjoys learning about PGP.


Amrita maintains her blog site computersecuritypgp.blogspot.com which is
dedicated towards increasing Cyber Security awareness among people.

















36 Cyber Warnings E-Magazine – May 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
