How to increase your Coinbase account security

We advise our users to install Authenticator apps (Google Authenticator, Microsoft Authenticator) as their primary 2FA method to secure their Coinbase accounts from phone porting attacks. You can follow the steps outlined in our support article to use Authenticator.

The instant and irreversible nature of digital currency enables fascinating use cases and drives our mission to create an open financial system for the world. This includes helping merchants accept bitcoin with no chargeback risk and helping users do global remittances instantly at low fees. But that very nature of bitcoin also attracts sophisticated attackers that challenge this mission. Security of any system is as strong as its weakest link. Recent attempts to break into Coinbase user accounts point back to that weakest link being telecom companies (telcos). I’ll explain that after a brief overview of two factor authentication.

When you log in to any service in the cloud that’s storing anything of value (money, data, assets) it is crucial to have two factors. The first is something you know (a strong password) and the second is something you always have (like your mobile phone). Sending a 6 digit pin code via SMS to your mobile phone allowed online services to verify during the login process that it was indeed you who requested access to the service. It was intended for the second factor to be the physical device that you always have in your control. But sending SMS to your phone actually verifies you have access to your phone number, not really your phone device. This distinction is really important as it turns out phone numbers can be stolen far more easily than physical phone devices.

Telcos break the assumption that SMS based 2FA is reliable for two reasons. First, some telcos allow SMS to be readable online, thereby making SMS based second factor only as strong as the user’s telco billing password. Secondly, poor security processes at telcos around phone portability enable attackers to take over accounts more easily.

In the past several months, we’ve been working behind the scenes to stay ahead of these attacks. We wrote about this recently and would like to share things we have since built to keep our users safe despite these vulnerabilities. In a second blog post, I will provide more details of the vulnerabilities exposed by poor security practices at telcos.

Authenticator as your primary second factor authentication: