The Theft of The Century, or Why Do News Websites Need Two-Factor Authentication?

Why Is Two-Factor Authentication Necessary?

More and more companies are using two-factor authentication in their online operations. Sometimes this surprises or even annoys their users. They may think: why waste my precious time entering additional characters? Isn’t a password sufficient?

Now that advanced computer technologies are widespread, we have possibilities that our parents could only read about in science fiction novels. Thirty years ago, would anyone have believed that it would be possible to order (and receive) a plane ticket or a ticket to a Paul McCartney concert without getting up from your favorite chair? Or chat with a friend in Australia as if he were in the room next to yours? Or read your favorite newspaper at breakfast without having to go out to buy it?

However, there is a flip side to every coin. Along with its incredible conveniences, the computer has made our personal and business lives unpleasantly vulnerable.

When performing various transactions online, we have to provide and transfer confidential information: bank card numbers, passport details, and passwords. Quite often, hackers intercept this information and use it for their own gain.

Fortunately, there are ways to protect our data against intruders’ attacks. One of the most reliable and convenient methods is two-factor authentication. When it is used, entering the password is not sufficient to log into the system or perform any actions in it. The user must also provide additional information: a code received in an SMS message or a number generated by special software.

Two-factor authentication is the foundation for secure transactions in such business fields as online banking, online trading, and other routinely used services that require high levels of transmitted data security.

Nowadays, information is essentially equivalent to money. Possessing the information allows making millions; failing to keep information secure leads to millions in losses.

The levels of data security are relatively high in online banking and online trading; however, the importance of reliable user authentication is still not fully appreciated in the fields with no direct money circulation.

What Can Ignoring Two-Factor Authentication Result in?

In mid-August, a rather cautionary tale became public.

The US law enforcement agencies uncovered a group of cybercriminals that had been hacking corporate news channels that published restricted press releases containing information on mergers, acquisitions, and financial statuses of various companies.

The criminal group included current and former citizens of Russia and Ukraine, some of whom lived in the USA and some in Ukraine. The hackers penetrated news channels of stock exchange agencies intended for restricted in-company use. The passwords of the companies’ employees were intercepted and used to obtain access to sensitive confidential information. This was possible because those companies did not use two-step authentication; the systems could be logged into with just one password.

The hackers passed on the illegally obtained information to their accomplices in trading, who in turn used it to forecast stock prices and make transactions based on this information.

According to the US Department of Justice, counting only the cases where the charges against these cybercriminals were proven, they raked in 30 million dollars in profits over the five years of their “operations”. According to the assessment of US Securities and Exchange Commission experts, the total damage amounted to a much higher figure of over 100 million dollars.

At some point, the hackers became “victims” themselves, falling prey to other hackers’ attacks. They were unable to ensure reliable protection of their correspondence. Law enforcement authorities managed to intercept their messages, which provided sufficient evidence to indict the criminals and prove their guilt.

The members of this group who reside in the USA have all been arrested, and international arrest warrants have been issued for the others.

It is claimed to be the first case of its kind on such a scale.

It is highly unlikely that it will be the last one.

How Can Your Data Be Protected against Hacking Attacks?

Even if a company’s operations are not directly related to cash asset turnover online, there are other business secrets that criminals may be interested in obtaining. Therefore, ensuring data security is the key priority for all companies operating on the Internet. One of the main problems is customer authentication, and in some cases – employee authentication.

It should be noted that traditional two-factor authentication in the form of a code sent via an SMS message is not always safe, and other methods (retina or fingerprint scans) are not always possible.

To protect confidential information, Protectimus offers a wide range of one-time password tokens. These can be hardware or software tokens that work offline and independently of the web. The passwords they generate significantly lower the risk of hacking and unauthorized use of user data.

Modern technologies provide relatively effective methods for securely protecting valuable information. It is entirely up to you to decide whether or not you will use the options available to protect your information and yourself, including two-factor authentication.


Author: Anna

If you have any questions about two-factor authentication and Protectimus products, ask Anna, and you will get an expert answer. She knows everything about one-time passwords, OTP tokens, 2FA applications, OATH algorithms, how two-factor authentication works, and what it protects against. Anna will explain the difference between TOTP, HOTP, and OCRA, help you choose a token for Azure MFA, and tell you how to set up two-factor authentication for Windows or Active Directory. Over the years with Protectimus, Anna has become an expert in cybersecurity and knows all about the Protectimus 2FA solution, so she will advise on any issue. Please, ask your questions in the comments.


2 Comments

  1. Well written!
    I will immediately grab your rss as I can’t find your e-mail subscription link or newsletter service.
    Do you have any? Kindly let me know so that I may subscribe.

    • Thank you for the feedback. At this moment, we have only pop-ups with this function, but we will implement the e-mail subscription field as soon as possible. I will add your e-mail to our subscribers list manually.

      Best regards,
      Ann.
