Passkeys Vs SMS Based Multi-Factor Authentication: Security Experts Claim Any Method Is Better Than None To Prevent Cyber Attacks

The latest trend to adopt advanced Passkeys as your tool of choice for authentication of devices has emerged. But security experts want you to know that if you’re not keen on modern technology, going old school and sticking with SMS-based MFA is still advised.

Yes, Passkeys are recommended as the top tool by experts thanks to the many advantages they provide. But if you haven’t been able to get around it, sticking to the basics brings no harm and some kind of protection is always better than none, as explained by Eric Skinner who is the VP for Trend Micro.

Many users feel comfortable with SMS MFA because it’s to the point and almost all devices entail it, he added during this year’s RSA Conference. Yes, the vulnerability factor cannot be ignored where hackers could break into the system due to the emergence of SIM Swapping ordeals. But wait, some people are overreacting just a tiny bit over here.

Sim Swapping technology has actors wishing specific victims focus and carry out a carefully modified social engineering experiment and that does need some type of effort.

Thankfully, the latest technology is gaining plenty of traction and that is why experts have come to the conclusion that you do what you feel is best and if passkeys are your thing, nothing is better. But if not, stick to whatever you have got.

When compared to the usual hardware security systems, Passkeys are more beneficial as they can utilize common devices for authentication purposes.

Passkeys guard against the likes of attackers in the middle of incidents. And yes, little to no skills are required on this front. Codes are published and you can install them from GitHut and even attain kits from there.

Way back in 2018, phishing email attacks were so common but today, it’s not the case with modern security systems. Attackers are now able to produce emails that are much better and more comprehensive.

These end up convincing others to press in certain areas or log in and it’s perfect.

When a false website gets the credentials from a user, it ends up passing them along to the actual site. This would give rise to MFA messages which are based on text only. However, when victims add in codes, this causes the attacker to capture it and then make use of it for logging-in purposes.
As mentioned by Skinner, this would also be working as authenticator platforms or through physical tokens that display changing codes. But can fake webpages bypass antivirus software too? If yes, how?

The answer by Skinner is yes. And that’s because fake variants run across servers without any presence seen on local machines. These attacks keep growing and to prevent yourself from being caught in the middle, plenty of explainers are provided on setting up passkeys through Amazon, Google, and Apple.

Image: DIW-Aigen

Read next: The Most and Least Buggy Apps of 2024, According to Over 1 million Google Play Reviews
Previous Post Next Post