Security expert declares love for 2FA

Love may have been in the air for Valentine’s Day but as reports emerged of a security breach at OKCupid, one security expert is feeling less than enamoured with this application.

IT news site TechCrunch revealed that some users of the OKCupid app claimed hackers had forced an entry into their accounts, changing login details and email addresses. As a result, these users became locked out of their own profiles.

The embarrassment of flirty conversations being made public are obvious and, in the past, other hookup sites have also been targeted by hackers – eHarmony, Plenty of Fish and, of course, Ashley Madison to name but a few.

However, OK Cupid are arguing that their case is different. A spokesperson told TechCrunch that their application had not suffered a security breach but instead hackers had been able to gain access by guessing weak passwords, which many users will no doubt be using across multiple sites.

In response to this information, security blogger Graham Cluley issued the following warning:

“If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach. Lists including your email address and passwords can be sold to bad actors who will try your password on lots of different sites until they find one that works.”

The importance of two-factor authentication

OKCupid also warned of the need for secure passwords and issued a list of ways in which users could protect themselves online. However, what got Graham Cluely really riled was an important function missing from that list: two-factor authentication (2FA).

Cluely bemoaned the fact that many dating sites are still not offering this protection to users, something which he described as “rather disgraceful in this day and age”.

He explained: “2FA can offer an additional layer of security if a bad guy does manage to determine your username and password. When they try to log into your account from an unrecognised device, a site’s 2FA check can request that a six-digit number is entered after the username and password. That number is typically generated by an app on your smartphone – a smartphone that your wannabe account hacker doesn’t have access to.”

“My recommendation is that you should enable two-factor authentication (or its close cousin two-step verification) on as many of your online accounts as possible to protect yourself from being hacked.”

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Security expert declares love for 2FA

The importance of two-factor authentication

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000