Unit 4 – Question 3


I think cyber attacks will become more sophisticated and complex in the future. We have always known that science and technology, no matter how developed they are, still have weaknesses. Hackers can take advantage of those weaknesses to attack individuals, harming the organizations those individuals work for. As I have learned from today’s lesson, hackers are not always black hat hackers. They may be geniuses who want to discover or challenge technology, so they deliberately find a loophole in technology to prove their talents. With good or bad motivation, hackers and cyber attacks will become more and more complex and develop in parallel to the development of science and technology.

I have used two-factor authentication (2FA) at work and while interacting on social networks. I need to provide two pieces of information – a password and a code sent to my mobile device – before I can access my account. However, there could be a case when someone, with malicious intention, exposes my phone number and some personal information from the Internet. They can use that information to report a lost phone or lost SIM card to the mobile carrier that I am using. The carrier will then give this person a new SIM card with the same phone number that I am using. From then on, by some sophisticated trick, whenever I use 2FA to authenticate my login to a bank account or social media account, the person who is trying to steal access to my account receives a message containing the authentication code from the system. He can completely attack and gain control of my accounts easily.

I think personal information like name, phone number, address, identity card is very sensitive but organizations or events like webinars often require registration to participate, of course for their administrative purpose. If this information is not stored and protected well, it can be used for malicious purposes. In addition, having strict regulations and ethical commitments from mobile service providers is also very important. If a situation like the one I just mentioned above happens, the mobile network operators will take a huge responsibility for unintentionally causing harm to their customers.

I suggest using an app to check 2FA instead of texting over the phone. You will still need your phone to download the apps required by your organization for 2FA. However, this will make it difficult for hackers if they want to steal your account access information. They will have to steal your phone, the device that you use every day as an inseparable thing. In case your phone is stolen, hackers have to bypass the phone’s security layer (password, facial recognition…) and get into the 2FA confirmation app before confirming to gain access to your account. Besides, you can locate the phone and disable it when it is stolen. Thus, in my opinion, the solution of using an application on the phone to confirm 2FA will help secure login information to the accounts better.
