Crypto Exchanges Still Use Google 2FA Authentication, Ignoring Security Issues
Early last year, Google made a decisive move in their security protocol. They switched from the use of their own authentication application. Their original system made use of the 2FA authentication system, whereas the new protocol used is U2F, a model much more respected by many within the security community for its security features and inability to be cracked.
The change in model sent shock-waves through several information sectors on the web. Google’s security has always been prized as one of the best setups in the business, and their switch to the new U2F model sparked significant interest in smaller businesses looking to up their own systems to something with a little more protection. The move was justified as time went on; the company has not seen a successful phishing attempt on its employees, numbering over 85,000, since integrating the new system in 2017.
Google’s switch was in part a response to a report released by security analysts at APWG, which concluded that phishing attack numbers have at least tripled in the last four years, with 246 million attempts contributing to 1.2 million successful attacks last year alone. In response, the massive company made changes to their 2FA authenticator, which had been previously adopted by hundreds of companies all over the world.
Exchange Security Models
Every current major cryptocurrency exchange makes use of the authenticator by Google. The startling statistic is especially interesting given Google’s choice to drop the system last year. Though the improvement to the original SMS 2FA model was touted as the superior option for 2FA security before it was eventually axed by the tech giant, the top cryptocurrency trade platforms continue to use the system to authenticate sign-ins for their clients.
The security issues associated with Google’s 2FA are particularly problematic given the current prevalence of phishing attempts in the current cryptocurrency community. Accounts all over the major exchanges have been reportedly hacked and drained entirely, even with the Google Authenticator backing the login process itself.
Additionally, outside phishing scams utilizing fake sites in order to trick Google-searching traders into inputting their information into the thief’s log for future nefarious uses. Binance exchange has even come forward with an official statement from their CEO, warning that users should be aware of the common presence of fake Binance.com sites indexed on the Google search engine. Additionally, security professionals warn that individuals storing money on an exchange site should bookmark the original site and avoid using the Google search engine alone to access the website.
New 2FA Technology
More and more options for security continue to be developed for use in the growing cryptocurrency exchange sector. Two-factor identification remains one of the most significant developments in the authentication process. To this end, the Hydro mobile app attempted to offer a third option for companies looking to integrate 2FA authentication into their existing security frameworks.
The Hydro 2FA tech integrates a variety of new security and anti-phishing measures into their product, making Hydro a viable alternative for exchanges who want to improve their exchange security.