Why we need authenticator apps

Unfortunately, the phone systems we use on a day-to-day basis, or at least the 2G and 3G ones, are not secure. As researchers have recently exposed, call and text interception, phone tracking and other exploits are possible, and millions of such attacks occur worldwide monthly (look up "The flaw in our phone systems" on the YouTube channel 'Veritasium' for more information on this). In combination with AI software, which now allows folk to convincingly mimic other people's voices with a minimum of input, the systems are wide open for abuse.

For this reason many online service providers are switching from text-based PIN confirmations to authenticator phone apps to prove that account logins are legitimate. I don't like these apps for a couple of reasons: 1. They're still in their infancy, often overly complicated, and 2. The idea of eventually having 10 or so authenticator apps on my phone at some point, just to use the accounts I need on a daily basis, irks me. Also, though unlikely, any one of those authenticator services could potentially be compromised. That said, it's likely I won't have a choice at some point.

For the moment, there are only a few providers offering authenticator apps, but expect this number to grow. Google's is the easiest to use, but you will need the Microsoft one for anything relating to Microsoft products. Each of the major tech giants tends to silo off its security systems, so it's unlikely we'll ever have "one authenticator app to rule them all".

Realistically though, unless you are a person of interest (i.e. some foreign power or criminal organisation has a bone to pick with you), the chances of you getting phone-hacked are minimal. Access to the phone systems (via compromised employees for the most part) apparently costs upward of a million dollars, making it a very-high-bidder commodity. It's more likely that you'll be targeted by the typical exploits: a service you use gets hacked and your email/password is leaked or sold, and then hackers make broad-scale automated attempts to get into other online services you use, using the same email address and password.

For the average consumer, if you can't get your head around using authenticator apps, it's better to focus on the basics of cybersecurity: don't ever use the same password for different websites, make passwords long (12 characters is good), and enable regular 2-factor authentication (2FA) on your account, i.e. the website sends you a unique PIN via text/email to confirm a login. 2FA means even if a hacker has your password, they can't get access to your account without hacking your email or phone. And as long as you're not on Kazakhstan's hit list, you're probably safe from the latter.

- Matt Bentley, computer expert at Bentley Home PC Support.
Email info@homepcsupport.co.nz or phone 0211348576.


© 2024 Matthew Bentley. All Rights Reserved