SEARCH

Archive for July, 2022

Two-Factor Authentication Is Not Secure Or Private

Thursday, July 21st, 2022

How Two-Factor Authentication Works

Two-Factor Authentication (2FA) works by sending alphanumeric characters to an email address or mobile phone. During the login process after entering correct username and password, the send code is expected to be input in order to complete the login process.

Email Two-Factor Authentication Issues:

• If your login credentials are compromised, the hacker will already have the email address which also commonly used as the username.
• Most platforms show or ask for the email address to be entered before sending the 2FA code. A hacker can then send phishing emails or spam emails to the email address.
• Email 2FA is not a secure method of communication because the messages are encrypted.

A better option would be to secure the platform by never sending passwords over email and never having third party scripts especially trackers on the login page.

Voice Call Two-Factor Authentication Issues:

• This method assumes that a user has a phone and wants to receive phone calls from unknown numbers.
• Relying on a phone call means a user needs to add their phone number to the platform which motivates a hacker to sell the phone number to scrupulous actors.
• The user will have to pay for unnecessary long distance charges.
• Voice Call 2FA is not a secure method of communication because the messages are encrypted. Also the phone voice call can be heard by other people nearby.
• Assumes that a user has full unfettered access to the phone or phone line, which might be on temporary loan or compromised such as an abusive relationship both at work and home.
• Assumes that a user will have reliable phone service. In Canada, telecommunications provider Rogers Communications had a major outage on 2022-07-08 affecting individuals and businesses.

A better option would be selecting a random question that only the user can answer. The online bank Tangerine has used the random question method since at least 2009.

Text Message Two-Factor Authentication Issues:

• Same issues as voice call 2FA in that it assumes a user has a phone with a text message plan.
• Means that a user is not allowed to travel as they will have to pay roaming charges.
• A compromised platform will allow hackers to have access to users phone numbers and send spam text messages.
• When the phone service is down or unavailable in remote rural areas, the user will not be able to login. Also the phone text message can be seen by other people nearby, especially with modern notifications.
• Spammers and scammers can mimic the simply text messages and redirect users to malicious sites.

A better option would be asking a suspicious question that only the user can answer. Tracking the location of a user is a privacy issue and does not improve security.

CAPTCHA Authentication Issues:

• One way to separate humans and bots is with the Turing test for machine intelligence. CAPTCHA tests typically use images, a check-box or simple math calculation. Modern versions implement a timer and click algorithm to verify that the user is a human.
• Users dislike CAPTCHA methods because they are repetitive and impersonal due to the random generated images. There is no need to keep showing CAPTCHA methods if a user just logged off.
• CAPTCHA will not work when a user disables JavaScript or a web browser is not compatible
• Web browser cache can prevent CAPTCHA from loading.
• CAPTCHA will not work when some countries and IT departments ban IP addresses or ban popular third-party services

A better option would be to use a honey pot or wait for human behaviour such as a click.

Better Security With Privacy Without Annoying Users:

1. Two or Three-Step login process where the user clicks something to bring up a generated login form.
2. The user clicks a button to bring up the password form separately from the username.
3. The user clicks can act as a CAPTCHA method using a honey pot such as a hidden check-box or another input form.
4. The contact us form of both Ojambo.com and OjamboServices.com implement a tweaked hidden honey pot and never receive spam.
5. No tracking on the login screen to prevent hackers from stealing credentials.

Sites that really care about user security should not compromise on privacy. Two-Factor Authentication should not be though of as a secure method because it utilizes two of the most insecure methods of communication. Email, phone voice call and phone text message are not secure as they are unencrypted methods of communication.

References

• 2022 Rogers Communications Outage
• Tangerine Bank

Tags: 2FA, Authentication, Privacy, security
Posted in Business | No Comments »

Plant the Seeds of Growth on the Web

Thursday, July 14th, 2022

You want your business to grow. But you aren’t sure how to make that happen. While business growth and expansion are based on many factors, including your work ethic, quality of your product, and marketing skills, your website also matters.

Having a professional online presence begins with creating a website that offers information, tools, and services your customers want and need. A few examples here include:

• A custom app. There are many reasons that your business should consider bringing in an expert from Ojambo Services to design and code a custom app. Having a mobile application opens up new opportunities for revenue, allows you to track and analyze customer behavior, and, perhaps most importantly, enhances your customers’ user experience.
• Integration with your internal processes. To reduce redundancy, help you keep up with inventory, and better track revenue, your website should integrate with your ERP, CRM, and other internal processes. Some enterprise resource planning software is designed specifically to work with e-commerce. However, as IT architecture service firm Pixafy explains, others pose challenges and are best handled by an experienced developer/coder.
• A strong and cohesive brand. Your website is one of the first places your customers will look for information about your business. This is where your brand begins. Ensure that you create a lasting first impression by having your website designed to best showcase your brand. If you do not have the budget for a graphic designer, start with the basics. You can create a logo quickly on your own using a free or paid online platform. A logo maker is an appealing option, and the right one will give you all of the tools you need to combine colors, fonts, and other visual elements to design the perfect logo for your business.
• Mobile capabilities. According to Pew Research, all but 3% of Americans now own a smartphone. We use our phones for many things, including shopping and navigating to our retail destinations. As a business owner, you can perpetuate your business’s growth by ensuring that your website is mobile and allows for one-click access to call, chat, or navigate to your location. Further, a mobile site is often free of clutter, such as promotional marketing and graphic elements, that might distract people from the reason they visited your site in the first place.
• Search engine visibility. Search engine visibility is crucial for all businesses. What does this mean? It means your website is easily found on a Google search. For example, a user looks online for an ice cream shop. The results they see, which are called Search Engine Results Pages, are usually the businesses they patronize. To help your website pop up on these results pages, make sure that you create a site map, use the right types of keywords, post engaging content, and make sure that your site is submitted to all pertinent directories.

Having a strong and stable web presence increases business visibility, boosts operational efficiency, and offers a way for your customers to contact you around the clock. Websites are typically cost-effective and, when tied in with your brand, are an excellent marketing tool that you control. Don’t miss out on a valuable opportunity to use the internet to your advantage, and never lose sight of the fact that your website is a digital extension of your business. As the world continues to run on the web, your site is perhaps the most important aspect of your organization.

Ojambo is ready to help your business grow with the new website or custom app. Contact us today, and let our experts get you up and running.

References:

• Image via Pexels
• By Elena from Elenastewart.com
• Ojambo.com

Tags: Brand, custom app, Integration, Mobile, SEO, web design, web development
Posted in Business | No Comments »

Ojambo © 2003-2023 is using a theme by Ojambo.com | Entries (RSS) | Comments (RSS).