The rise of online identity theft highlights the importance of multi-factor authentication for digital identities. Thanks to social media and e-commerce, nearly everyone has a large online footprint hackers can exploit to carry out online attacks.
Unfortunately, tech journalist Mat Honan found that out the hard way in 2012.
Within the span of one hour, four online accounts and all of the data stored on three of his Apple devices were wiped clean, including every photo he had ever taken of his one-year-old daughter. The hackers used a combination of social engineering and the loose security of single-factor authentication in the online accounts to gain access to them and wreak havoc on Honan’s life.
Honan wrote about his experience for Wired to discuss how common Apple and Amazon security flaws left his data vulnerable.
“Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information,” Honan wrote. “In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
Honan’s account helped expose enormous flaws in the methods Apple and Amazon used to verify customer identity. Would a hacker be able to pull the same stunt today?
Both Apple and Amazon suggest that users activate two-factor authentication. Apple Support requires users to generate a temporary support PIN when resetting their passwords to prevent social engineering. As of September 2016, Amazon still displays the last four digits of a user’s credit card number when processing an order.
It is definitely harder today to carry out the “epic hacking” Honan suffered in 2012. However, the danger of having an online account hacked is still very real. Several online services still only implement single-factor authentication to access an account.
While two-factor authentication is more secure than single-factor authentication, multi-factor and biometric authentication can almost completely eliminate the risk of an account being maliciously hacked. Honan’s story illustrates the devastating consequences of weak sign-in security and the need to reinforce account security with higher levels of authentication.