You might be in trouble if your user verification is SMS-dependent
Now that most employees are working from home, calls to the Service Desk will come externally. For some security policy, SMS authentication is required to verify their identity. But how much do you trust SMS verification?
· Robert Ross, San Francisco lost $1M using sim swap
· The alleged hacker called up Ross' service provider and pretended to Ross
If an individual can lose up to $1M in a single hack without proper verification, what more for businesses? This is worth to consider when users are asked to work from home and they call the service desks from their mobile phones then send them an SMS to verify their identity.
Even the US Federal of NIST (National Institute of Standards and Technology) deprecated SMS for 2FA.
This leaves us to a question of how can we verify users’ identity when they start working from home and call the company?
Comment down your thoughts.
