2024.10.01,

Critique

New Social Media Security Requirements

author_posts/samvel-martirosyan
Samvel Martirosyan
twiterfacebook

Media researcher

Recently, digital threats have transformed, which is a common phenomenon. However, it is important to assess them accurately and adjust the security of social network accounts accordingly.

Recent incidents related to digital security once again highlight the need to minimize the use of SMS for security purposes.

Editors and administrators of social media accounts typically enable two-factor authentication; at least, that’s the case for most media. Many journalists also adhere to this rule.

However, for most of them, the two-step verification process is done through short messaging. In other words, when accessing a social network, user identification is completed by receiving a code via SMS. This method is currently considered highly unreliable for several reasons.

Reason A. SMS content can become accessible to a third party if the government intervenes. This intervention is possible during investigative operations. There have been many recorded cases worldwide where the code with the short message was intercepted. Armenia is no exception.

Reason B. SMS can be intercepted by third parties. Simply put, short messages can be hacked to extract their content. State institutions of neighboring countries and private groups can carry out these hacking attacks; such cases have been recorded in Armenia multiple times.

Reason C. Periodically, SMS messages have poor reach and may even stop arriving. In some cases, codes from certain platforms do not reach recipients in Armenia for several weeks.

Reason D. Two-factor authentication is designed to protect individuals from phishing attacks, where they may be directed to a fake page that looks like a legitimate platform. Even if a person mistakenly enters their password on a fake page, the second-level protection of two-factor authentication should prevent unauthorized access. For instance, if a verification code is sent via SMS, hackers won’t have access to it. However, there are instances where hackers might create a fake second page and prompt individuals to enter the SMS code, which can lead to compromising their account. It’s important to note that SMS codes are valid for a more extended period, while codes generated by two-factor authentication tools are only active for a short duration.

Considering all these reasons, it is clear that two-factor authentication is necessary, but the use of SMS should be avoided at all costs.

It is important to enable a two-factor authentication service when generating additional codes on a person’s phone using a special program. These codes have a short period of validity, which prevents hackers from easily carrying out two-stage phishing attacks. The short validity period makes it difficult for phishing attacks to be successful, as the codes quickly lose their effectiveness.

It is also possible to use the passkey option that has  appeared recently, even if the password is not entered. Access authorization with a trusted device will still work.

It is crucial to enable two-factor verification on all messaging apps. Reasons A and B highlight the potential for losing access to WhatsApp, Telegram, or other messenger accounts.

The views expressed in the column are those of the author's and do not necessarily reflect the views of Media.am.


Add new comment

Comments by Media.am readers become public after moderation. We urge our readers not to leave anonymous comments. It’s always nice to know with whom one is speaking.

We do not publish comments that contain profanities, non-normative lexicon, personal attacks or threats. We do not publish comments that spread hate.

Leave a Reply

Your email address will not be published. Required fields are marked *