In two-factor authentication, sites like these verify your identity using two things: something you know — the password — and something that you have — a mobile phone or a physical list of codes.
Conceivably a hacker would need both your password and mobile phone to sneak into your account.
Then users will simply feed in their passwords and their authentication codes as they get them to a malicious middle-man, a hacker.
Twitter, Facebook, Gmail, Yahoo, and even some college enrolment sites have all jumped on the two-factor authentication bandwagon.
In two-factor authentication, sites like these verify your identity using two things: something you know — the password — and something that you have — a mobile phone or a physical list of codes.
When you log into your account you enter your password and then an SMS is sent to your mobile, which you have to enter onto the log-on page before you can be given access to your account.
Conceivably a hacker would need both your password and mobile phone to sneak into your account.
CLONE SITES
But hackers have found a way into even the seemingly impenetrable wall of two-factor authentication.
The Internet is rife with examples of people whose two-factor protected accounts have been hacked.
In one particularly high-profile case a Black Lives Matter activist saw a hacker take control of his Twitter account.
The hacker called the activist’s phone company and convinced them that he needed the SIM card replaced — therefore gaining access to the activist’s SMS.
Another way to bypass two-factor authentication is set up clone sites.
Then users will simply feed in their passwords and their authentication codes as they get them to a malicious middle-man, a hacker.
More high tech targeted attacks could see hackers set up fake mobile phone towers that can intercept messages.
PAYE Tax Calculator
Note: The results are not exact but very close to the actual.
