Security Analysis of SMS as a Second Factor of Authentication-Reference-Cited by-同舟云学术

Security Analysis of SMS as a Second Factor of Authentication

Published:2020-08-31 Issue:4 Volume:18 Page:37-60
ISSN:1542-7730
Container-title:Queue
language:en
Short-container-title:Queue

Author:

Jover Roger Piqueras¹

Affiliation:

1. Bloomberg

Abstract

Despite their popularity and ease of use, SMS-based authentication tokens are arguably one of the least secure forms of two-factor authentication. This does not imply, however, that it is an invalid method for securing an online account. The current security landscape is very different from that of two decades ago. Regardless of the critical nature of an online account or the individual who owns it, using a second form of authentication should always be the default option, regardless of the method chosen. In the wake of a large number of leaks and other intrusions, there are many username and password combinations out there in the wrong hands that make password spraying attacks cheap and easy to accomplish.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3424302.3425909

Reference30 articles.

1. Alfonsi S. 2016. Hacking your phone. CBS News; https://www.cbsnews.com/video/hacking-your-phone/. Alfonsi S. 2016. Hacking your phone. CBS News; https://www.cbsnews.com/video/hacking-your-phone/.

2. Cimpanu C. 2018. Newer Diameter telephony protocol just as vulnerable as SS7. Bleeping Computer; https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-protocol-just-as-vulnerable-as-ss7/. Cimpanu C. 2018. Newer Diameter telephony protocol just as vulnerable as SS7. Bleeping Computer; https://www.bleepingcomputer.com/news/security/newer-diameter-telephony-protocol-just-as-vulnerable-as-ss7/.

3. Coonce S. 2019. The most expensive lesson of my life: details of SIM port hack. Medium; https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124. Coonce S. 2019. The most expensive lesson of my life: details of SIM port hack. Medium; https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124.

4. Cox J. 2020. Hackers are breaking directly into telecom companies to take over customer phone numbers. Motherboard Tech by Vice; https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh. Cox J. 2020. Hackers are breaking directly into telecom companies to take over customer phone numbers. Motherboard Tech by Vice; https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh.

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Comparative Long-Term Study of Fallback Authentication Schemes;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11

2. A framework for analyzing authentication risks in account networks;Computers & Security;2023-12

3. A Novel Authentication Method That Combines Honeytokens and Google Authenticator;Information;2023-07-07

4. Exploring Phone-Based Authentication Vulnerabilities in Single Sign-On Systems;Information and Communications Security;2022

5. Protection motivation theory using multi-factor authentication for providing security over social networking sites;Pattern Recognition Letters;2021-12