Experts have long said that SMS is not a reliable way of protecting data access in the Internet. According to the National Institute of standards and technology, the use of SMS messages to implement two-factor authentication in the future will not be encouraged. The document contains a direct indication that the use of SMS for two-factor authentication will be regarded as “unacceptable” and “unsafe”.
The main reason for the failure from the SMS – unreliability. An attacker may force the mobile operator to redirect a short message to your phone. There are also many malicious applications stealing one-time codes that banks send to users in SMS.
In other words, to intercept the SMS message containing the secret code, in a number of ways, so this protection can hardly be considered truly reliable. Google agrees with the conclusions of experts as at the end of last week in the company’s official blog had an interesting entry.
Google offers users an iOS and Android alternative to text messages: the company introduced two-step authentication via mobile notifications. In February of this year, this system has been improved, the notifications screen is displayed with additional information, for example, the location data and the device that carried out the attempt to log in to your Google account.
Starting this week, the search giant will offer everyone who is already using two-step verification via SMS, go to the notifications that will not only be safer but more convenient. Then how to use notifications to Android users won’t need to perform any additional action that iOS users who wish to use the new function, need to install Google Search.
Earlier it was reported that Russian law enforcement agencies, our ability to obtain partial access to the correspondence of citizens with two-factor authentication. The operator, on request from the interior Ministry gave law enforcement a duplicate SIM card from one of his clients.
To get access to the correspondence in the Telegram, operatives only have to log in to his account. An SMS with a code to enter the app it’s already a duplicate SIM cards. No source codes and keys for encryption are not needed.