Skip to main content

Is two-factor authentication 100% hack- proof?

(Image credit: Supplied)

Two-factor authentication (2FA) is the best way to secure your accounts, be it email, an online shopping account or your bank account. If you are dealing with personal information over the internet, it's imperative that your information is not easily accessible. 

You can never be too careful when it comes to protecting your information. If you create an online account of sorts, always opt for 2FA. Hackers will stop at nothing to access your private information and if they are successful at first, 2FA can prevent them getting any further. 

Gone are the days of username and passwords

A simple username and password was once a surefire way to secure your information. Sadly this is no longer the case. Hackers could easily carry out cybersecurity attacks by inputting variations of names and guessing passwords. 

As much as you enter fancy symbols or weird spelling, both computer and human hackers have gained skills well beyond a simple mid-word exclamation point. As such, having another barrier to entry is important. 

Forms of 2FA

One-time pins/ password (OTP)

In South Africa, one-time pins (OTP) that are sent via SMS to the accounts linked cellphone number are the most common form of 2FA. These are often used by social media platforms and for bank verification while online shopping. 

This isn't the safest form of 2FA though. Hackers are able to cheat the system and trick mobile phone carriers into transferring the victim's cell number to their own number.

This is called SIM swapping. A hacker will phone a mobile carrier pretending to be someone they are not, in order to access their accounts. They will pretend to have lost their phone and request a new number and the 2FA pins will be sent to this number and so the cycle of cybersecurity attacks unfold.

Have you ever wondered why you need to give all your information and the kitchen sink to your mobile phone carrier when you need to get something done? It's to avoid SIM swapping scams.

Time-based one-time passwords (TOTP)

This form of 2FA is more secure than OTPs as the code is generated on your phone, rather than being sent to you via SMS.

You will need to download an app such as 

- Google Authenticator

- Microsoft Authenticator

- LastPassy

- 1Password

- Yubico 

- Authy

Android users need to take extra care though, as it is an open-source operating system. This makes it easier for hackers to install malware that can clone and send the codes to the hacker. Apple's iOS is a proprietary operating system, making it more difficult to successfully hack into.

Biometric systems 

Biometrics are the fanciest form of the 2FA. Fingerprint scanners, retinal or iris scans, facial recognition and voice recognition are all ways you can 2FA your information. 

Unfortunately these can be hacked too. If someone successfully infiltrates the software that processes this information or alternatively the server where this data is stored, your accounts can be hacked into.

Personal security questions

What town did you grow up in? What was the name of your first pet? What is your mother's maiden name? These are all forms of personal security questions that are another form of 2FA.

With the world putting their information online, be it through social media platforms like Facebook and Instagram, it may be a timeous task but hackers can find out this information. 

Always opt for 2FA

2FA is the best way to ensure there is an extra layer of security on your personal information. Err on the side of caution when it comes to the information you make public on your social media accounts, always be overly cautious when it comes to dodgy emails or websites. Change your passwords regularly and keep this information somewhere safe. 

Hacking is avoidable so long as you are overly protected and cautious when it comes to inputting personal information.