Local 12: How scammers try to beat two-factor authentication

UC professor urges users to remain diligent about their online security

Two-factor authentication can be an extra layer of security to protect online accounts, but scammers have methods to try to get around the additional protection, a University of Cincinnati professor told Local 12.

Jacques Bou Abdo headshot

Jacques Bou Abdo

With two-factor authentication, a second form of identification is required to access an account. Often, this is in the form of a one-time security code sent via an email or text message.

Scammers who have account log-in information will attempt to log in, triggering a two-factor authentication notification. They’ll also contact the account holder, posing as the institution associated with the account, in an attempt to get the account holder to reveal the authentication code.

So, it’s important for users to be diligent about their online security and not assume that two-factor authentication will protect them from all scams, said Jacques Bou Abdo, an assistant professor in UC’s School of Information Technology.

“The illusion of security you get from enabling the two-factor authentication is an illusion, and the user has to be really due diligent whether he has the factor authentication or not when he deals with the system,” Bou Abdo said.

See more from Local 12.

Featured image at top: Two-factor authentication graphic. Photo/tsingha25via iStock

Impact Lives Here

The University of Cincinnati is leading public urban universities into a new era of innovation and impact. Our faculty, staff and students are saving lives, changing outcomes and bending the future in our city's direction. Next Lives Here.

Related Stories