In order to maintain the security of our accounts, it is not enough to just use a good password. There are other methods that can come in handy to create protection and avoid intruders. One of them is what is known as two-factor authentication. We are going to explain what it is, but we will also talk about why you should never share these codes.
Never share your 2FA codes
Two-factor authentication codes or 2FA are used to validate a login beyond the password. That is, think that you are going to enter your Facebook account, for example, from a new computer. You are going to put the corresponding password and, additionally, they are going to ask you for a code. It is usually a code that is sent by SMS or by e-mail, but it is also generated through specific applications.
If an intruder manages to steal the password to get into Facebook, they would need that second step to get in. Without that code I would not be able to access. Now, what would happen if someone steals that code, in addition to the password? You would have full control over the account and that is when there would be a major problem.
This is why it is essential to never share multiple authentication codes. Think of the case in which you use a shared account, whatever it may be, for example from a social network or a service to watch streaming videos, and the other person finds that they ask for this 2FA code. It is a mistake to share it through a message or through an application, for example.
That code could be intercepted by an intruder and would actually lose its validity. If we have a Trojan on our mobile, for example, they could steal our password and also these codes that we share with third parties. That security barrier that we’ve created would really be lost.
Attacks that ask for multiple factor codes
Hackers have had to change their techniques to be able to steal accounts. Before, they could launch a traditional Phishing attack, which basically consisted of sending an email and making the victim log in, thus stealing the password. But of course, now they also need that double authentication code to be able to enter.
What do cybercriminals do? They use social engineering to steal that access code as well. They can do it in different ways. A very common one is to call the victim by phone and pretend to be her bank. They tell him that there has been a problem with the account, that they have to carry out checks so that someone else does not steal from him. They seek fear and speed.
That hacker will request a code that will arrive by SMS to, supposedly, verify the identity and check that everything is fine. But as we can see, it is really a 2FA code that will allow that intruder to enter the bank account and steal.
Therefore, as you have seen, you should never share double authentication codes. Even if it is about sharing them with a friend or family member, since a third party could intercept them and it is a major problem.
