2FA Isn't Foolproof | Keep Your Money Safe

With crypto, more of us are managing our own money instead of leaving it to a third-party institution like a bank.

That means having to take care of aspects like security that we normally wouldn't have to.

I was recently talking to a client who mentioned that with 2FA or two-factor authentication, it would be very hard to breach their security defenses.

Now, she isn't completely wrong: 2FA does make it harder for hackers and thieves to access your accounts. Having said that, 2FA isn't foolproof, and the number of 2FA attacks has been on the rise.

2FA Attacks

Here are some of the more popular 2FA attacks that you should be aware of:

Malware: Malicious code installed on your device that lets hackers forward the 2FA notifications you receive to themselves as well.

SIM Swap: Hackers convince your phone company to transfer control of your SIM card to them. They often do this by impersonating the victim and then getting the phone company to send a new SIM card over.

Real-time Phishing: Hackers make fake websites, send emails and SMSs, and make calls in order to get details from users.

SMS/Call Intercepts: The protocol used to send out those 2FA messages and phone calls has a loophole that makes it susceptible to being intercepted.

Notification fatigue: Here, the victims get multiple authentication requests. To make them go away, they click 'accept', and then the attackers have access to their accounts.
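For readers who run a service that sends push-based 2FA prompts, here is one way to spot the notification fatigue pattern described above in authentication logs. This is an added example, not part of the original post; the event names, the five-minute window and the three-prompt threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, account, event); not real log data.
# The event names "push_sent", "denied" and "approved" are hypothetical.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "push_sent"),
    ("2024-01-01T09:00:05", "alice", "approved"),   # normal login: one prompt
    ("2024-01-01T23:10:00", "bob", "push_sent"),
    ("2024-01-01T23:10:40", "bob", "denied"),
    ("2024-01-01T23:11:10", "bob", "push_sent"),
    ("2024-01-01T23:11:50", "bob", "push_sent"),
    ("2024-01-01T23:12:30", "bob", "push_sent"),
    ("2024-01-01T23:12:41", "bob", "approved"),     # accept after a burst
    ("2024-01-02T08:00:00", "carol", "push_sent"),
    ("2024-01-02T08:20:00", "carol", "push_sent"),  # retry, but far apart
    ("2024-01-02T08:20:04", "carol", "approved"),
]

def find_fatigue_approvals(events, window=timedelta(minutes=5), max_prompts=3):
    """Return (account, approval_time, prompt_count) for every approval that
    follows max_prompts or more push prompts inside the sliding window."""
    recent = defaultdict(deque)  # account -> timestamps of recent prompts
    flagged = []
    for ts_text, account, event in sorted(events):  # ISO timestamps sort by time
        ts = datetime.fromisoformat(ts_text)
        prompts = recent[account]
        # Drop prompts that have aged out of the window.
        while prompts and ts - prompts[0] > window:
            prompts.popleft()
        if event == "push_sent":
            prompts.append(ts)
        elif event == "approved":
            if len(prompts) >= max_prompts:
                flagged.append((account, ts_text, len(prompts)))
            prompts.clear()  # a completed login starts a fresh count
    return flagged

if __name__ == "__main__":
    for account, when, count in find_fatigue_approvals(SAMPLE_EVENTS):
        print(f"review {account}: approved at {when} after {count} prompts")
```

A flagged approval is a reason to end the session and contact the account owner, not proof of compromise, since people also retry prompts when their phone is slow to respond.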

Attack Prevention Rates By Challenge Type

Here is how well Google was able to thwart 2FA attacks using different types of challenges. As you can see, device-based challenges performed better than knowledge-based ones.


Being responsible for our money requires us to be vigilant about security in ways that we didn't have to concern ourselves with before. 2FA is an improvement that makes hacking our accounts more difficult, but it is by no means foolproof.

Stay safe!

