Hypersecu Blog


Simple Mobile Protection

Is it too good to be true?

For some people, protecting online accounts is looked upon as more of a hassle than anything else. Whether it’s the “it won’t happen to me; I have nothing worth hacking” or the “it’s more trouble than it’s worth” line of thought, people sometimes use secure authentication only as a last resort. When they do decide to use it, they often choose what seems to be the simplest and most readily available of methods: SMS (text messages), an emailed security code, or an authentication app. What happens next? They quickly learn what a pain it can be to sign in to their newly protected accounts from their mobile devices.


The flipping from screen to screen can make it difficult to log into an app or website on a mobile device. Often the code is long and hard to remember, causing multiple mistypes. If time is taken to ensure accurate recall and typing, the code can expire before you’re finished, adding to the frustration. It doesn’t have to be this way, though. New technology and devices can offer excellent protection—often better than SMS or email codes—for much less hassle.

What is 2FA?

Two-factor authentication (2FA) offers an additional layer of protection when signing in by having you type in a code or some other information to confirm your identity. The second layer helps keep a hacker from accessing your account since the hacker will need not just your username and password (the first layer) but also the second factor (an additional PIN, a security token, etc.). It may be common knowledge nowadays that static passwords don’t offer much protection for accounts. They seem to fall into two categories: easy to remember/easy to hack or hard to remember/hard to hack. Since the second category is hard to manage, few people use it—or if they do, they’ll usually write it down somewhere or use a password manager to store it, leaving themselves vulnerable. 2FA offers a simple solution to secure an account without relying on complicated passwords.

There is a multitude of ways to introduce 2FA security to your accounts. Some of the most common 2FA products are one-time password (OTP) hardware tokens, public key infrastructure (PKI) devices, and smart cards. There are other new options such as FIDO U2F and UAF devices as well. One-time password tokens in particular operate a lot like an SMS or email code, but with stronger security and smoother functions.

What Is 2-Step Verification?

Then there are the options mentioned above: SMS, verification codes sent via email, and authentication apps, known as 2-step verification or 2-step authentication. Although they do provide some added security, they’re not as strong and aren’t considered true 2FA protection like hardware devices are. A good example of this is when you sign into an account and receive a code texted to your phone. The vulnerabilities here are two-fold: first, the “something you have” and “something you know” might be the same thing, especially if you use the same phone you receive the code on to sign in to your account. Second, since the OTP value is generated on a connected device, it’s much easier to hack it or to have downloaded malware hidden in an app without noticing. With an unconnected OTP hardware token, you don’t have these risks.

Why Use an OTP Token?

Although getting a text, email, or app-generated authentication code seems like a convenient option for added security, once you try to sign in while on a mobile device, you’ll quickly realize that those options may not be the best choice with their annoying issues and lower level of security.

Benefits of OTP Tokens

In addition to having to multitask on the same mobile screen, having your code on the same device you are using to access the account keeps it from being a second layer of security. Mobile devices can be easily hacked (sometimes they’re not even protected) and if the hacker steals the phone, it may just be a matter of time before he has everything he needs to gain access to all your accounts.

OTP tokens solve all of these issues:

  • True 2FA for mobile devices
  • Not hackable via Wi-Fi or online
  • Stronger encryption
  • No need to shift from screen to screen on a mobile device

Introducing Edge

OTP devices such as the HyperOTP™ Edge card utilize NFC capabilities on mobile devices so that you can tap and read the OTP value, thus eliminating mistypes. The Edge is also user-programmable, meaning that the key code or secret key is never known by the manufacturer or any third party. The end user has complete control over their own security. The Edge is also lightweight, making it perfect for cost-effective distribution via letter mail. You can learn more about the Edge and its benefits here.

To sum up—you can have high-level security on a mobile device without all the hassles. The solution is to just use a hardware token. Not only does it offer extra protection, it’s also easy to use.