Although it looks safe, Two Factor Authentication has its flaws. It protects persons’ account info if someone’s password is reached, but it leaves other back doors for hackers to use. There are numerous ways of reaching someone’s data going around this authentication method, and as such, it is not 100% safe for use while involving in a Bitcoin transaction. Truth to be said, there are no completely secure web services. Everyone can become a target of hackers in some way.
Two Factor Authentication can be easily hacked. There are various ways of doing it. Here’s a list of some ways it can be done:
- Malicious application (Trojan horse)
- Through OTP list or device, itself (stolen or lost phone)
- “Man in the middle” (Hackers insert themselves between desired website and users)
- Real-Time Phishing (the phisher asks for OTP and use it instantly, phisher pretending to be tech support, or to be you gain access from tech support)
- Through some related site (cell carrier website, for an example)
Through the years, there’s been multiple examples of hacked transactions or accounts. Not only individuals had been targeted, but also hospitals and other institutions. In the beginning of 2013. Federal Trade Commission received over 1000 reports of incidents of this sort and by the start of 2016., that number arose to over 2500 reports of identity thefts involving this sort of accounts.
There have been at least several examples of bitcoin exchange hijack in the last year, while only using people telephone numbers. In August, 2016., Jered Kenna, one of the early Bitcoin users, noticed his passwords had been changed. What happened? His identity had been faked and his phone number transferred from T-Mobile to other provider. Afterwards, hacker just linked transferred number with Google Voice. In just seconds hacker had access to all of the Kenna’s accounts while keeping him shut off. Jered Kenna lost bitcoins in range of couple of million dollars that day.
Besides Kenna, other respected professionals had been targets of this sort of hijack all stating that it is necessary for phone companies to deal with loopholes of this sort, predicting that in the future number of victims will rise to hundreds or thousands.
Taking in perspective all of the above, it’s safe to conclude that Two Factor Authentication isn’t very safe method of protection against this sort of cyber-attacks, but it is a good way of keeping close people away from one’s accounts.