Rough 2014 Predicted For Two-Step Verification

Dec 30, 2013 By Sharon Solomon

Two-Step Security is the latest weapon in the battle against cybercrime. More and more major websites are adopting the Double Verification technique to deter hackers from stealing personal data and information. But there is bad news – this method will be rendered ineffective or even useless in 2014.

Social media giants such as Facebook, Twitter and LinkedIn recently jumped on the Two-Step Authentication bandwagon, hoping to provide millions of users some form of privacy. But this welcome security feature will soon prove to be inadequate.

This is bad news for people who use mobile devices for utility, banking and gaming purposes. The Trend Micro 2014 Security Report paints a very grim picture regarding this feature’s future. Security experts have their work cut out in 2014. Let’s see why.

What exactly is Two-Step Security?

It has many names – Double Verification, Double Login and Two-Step Verification. It was arguably the most talked-about feature of 2013, with tens of leading websites bolstering their security profile with the dual-login procedure. This basically means the user has to provide more than just a username and password to gain access to his account.

For example, Google sends the user’s phone a unique code that has to be entered after the initial login. This additional layer of security is a bit cumbersome to set up initially, but it provides the user with a true sense of security. Unfortunately, hackers are always looking for ways to bypass security walls. They seem to have found the solution.

How will Two-Step Security lose its effectiveness in 2014?

This security procedure is great in theory and quite effective on computers, but the use of mobile devices complicates the situation. Many mobile platforms, including iOS, are still not fully compatible with the Two-Step Security feature. But the biggest problem in mobile computing comes in the form of Man in the Middle (MitM) attacks.

MitM attacks are as simple as they sound. The hacker just becomes the middle-man, intercepting all communication between two parties. The intrusions and information harvesting are done with the help of sophisticated mobile malware such as PERKEL and ZITMO. Users of unknown public WiFi hotspots are extremely vulnerable to MitM attacks.

Smartphones are becoming competent computer replacements, but mobile security still has a long way to go before secure usage is possible. Nearly one in five US smartphone users banked via mobile devices in 2013. These numbers will continue to rise in 2014, but the lack of a comprehensive mobile security solution is going to cause many problems.

The bottom line is that Two-Step Verification is still a welcome and useful security feature. But users have to understand that there is no such thing as a secure application. Changing passwords, avoiding unknown public hotspots and using only official software are always recommended. Security is a full-time task and the battle won’t be won in one day.

Source – Trend Micro 2014 Security Report


  • _securityDeveloper

    I think you should notice your audience. This text is too general to interest developers or security researchers in my opinion.
    You made a grand claim but didn’t really explain it. Why exactly won’t 2-step authentication be effective? Most users today who would use that option have a data package.. They don’t need lousy unsecured wifi network.. and for a hacker to both know your password and your cell phone number and manage to stand in the middle… That’s way harder than just guessing a password. If the attack is not fully-targeted at you the hacker will probably go to the next person (in case of a Google account/Facebook/etc maybe not the case for bank app).
    Software based token generators such as Google Authenticator are great and I don’t see such solutions being rendered ineffective so quickly. SMS tokens are still way better than just a password for most apps.
    And if you use your phone to purchase items and transfer money, you shouldn’t download illegal software or install ROMs anyway without any regard to 2-Step Authentication, PC vs Mobile etc…

  • The Gaffer

    OK so now we have been warned but what are the facts?
