Two Factor Authentication is a cybersecurity technique that has gained quite a bit of popularity in the last several years. The goal of two factor authentication, or 2FA, is to keep your accounts safe by verifying the identity of the person trying to log in. When logging into certain accounts, you may be asked to enter a one-time six-digit code that was sent to your phone via a text message, email, or phone call. This is just one of the many types of 2FA that are out there today. This technology makes it harder for cybercriminals to hack your accounts, since they now need more than just a username and password. But, as we already know, these cybercriminals are constantly creating new ways to bypass these security measures and steal your account. Now, they are going after 2FA apps.
Another common form of 2FA is through an app. There are many reputable 2FA apps that exist, like Google Authenticator, Authy, and Duo Mobile. When logging into your account once a 2FA app is connected, you will be able to verify your identity using the app rather than a text message or phone call. Some may generate codes for you that you then input into the website or application you are logging into, and some may send you a prompt for a simple ‘yes, this is me,’ or ‘no, that is not me.’ Either way, the goal of these apps is still to keep your account secure by asking for a second form of verification aside from your username and password.
While searching through Google Play or the App Store, you will probably find many, many different 2FA apps. Some of these apps will be secure and trustworthy, but there is a considerable amount of scam apps as well. These apps may scam the user into spending an excessive amount of money on a ‘yearly subscription,’ or be a resource for scammers to steal your information. Some of these apps may even pose as other reputable companies by stealing their logos or using a nearly identical name. In order to stay safe, make sure that you are downloading the real one and not a fake copycat app when you are downloading a 2FA app.
A security research/developer team called Mysk has reported that many of these fake 2FA apps are free to download, making them attractive to an unaware user looking for a 2FA app. Once they trick the user into downloading their app, they will then send prompts to buy a subscription. Sometimes, these apps will not let the user log into their accounts without paying a fee each time, and will steal the data from the authentication app and send it to the app developer. These scammers may even run ad campaigns on the App Store in order to promote their fake 2FA app and gain more users or boost their rankings.
So, in trying to protect your log ins with two-factor authentication, you have to take steps to stay safe by verifying the trustworthiness and validity of your 2FA apps, too. No matter what form of 2FA you use, you should always be careful with your data. In times like today where a potential cybersecurity threat could be anywhere, it is important to have an IT service provider by your side. They will be able to guide you down the right path with their expertise. If you ever were skeptical of an app, a good IT partner would be able advise you on whether or not to download it. At Blue Oak, we can help you with all of that and more! Contact us here to get in touch today.
Read our last post here: The Potential Risks of ChatGPT
