The Reddit Breach Teaches Us About Two-Factor Authentication
The latest data breach has everyone worried about the future of security.
Last week when Reddit announced they experienced a data breach in June due to a small number of employees two-factor authentication messages being intercepted, the standard security practice came under scrutiny.
Reddit CTO Chris Slowe (handle KeyserSosa) posted that the company discovered the hack on June 19, and determined it had taken place between June 14 to 18. A few employees’ accounts were compromised by way of SMS 2-factor authentication, but luckily the hackers only got read-only access to some systems containing source code, logs, and backup data.
How they gained access is what’s sounding off alarm bells. Security experts often tout two-factor authentication via SMS as a valid security measure, though in recent years the National Institute of Standards and Technology has stated SMS has security flaws, yet many industries still use it, ones you deal with directly as a consumer.
We have to remember that two-factor authentication is a security protocol that entails more than SMS, let’s not forget token authentication or an authenticator app, which both have proven to be strong security measures against hackers.
The Reddit breach teaches us that no matter what, your private information is vulnerable and while you can’t control a data breach of a service you use, you can control the information given to each service.
Always provide minimal information when completing online forms to start an account. And even though two-factor authentication isn’t perfect, it’s better to implement it anyway. Having any kind of extra security for your accounts is better than nothing.
Finally, don’t leave your devices unprotected and make sure you have installed the best antivirus for Android that includes anti-phishing and anti-hacking technology like dfndr security. Doing so gives you the freedom of safe browsing, which is a solid thing to hold onto in an unsure online world.