Keys and Identity

Vol. 18 No. 4 – July-August 2020

Keys and Identity

Security Analysis of SMS as a Second Factor of Authentication

The challenges of multifactor authentication based on SMS, including cellular security deficiencies, SS7 exploits, and SIM swapping

Despite their popularity and ease of use, SMS-based authentication tokens are arguably one of the least secure forms of two-factor authentication. This does not imply, however, that it is an invalid method for securing an online account. The current security landscape is very different from that of two decades ago. Regardless of the critical nature of an online account or the individual who owns it, using a second form of authentication should always be the default option, regardless of the method chosen. In the wake of a large number of leaks and other intrusions, there are many username and password combinations out there in the wrong hands that make password spraying attacks cheap and easy to accomplish.

by Roger Piqueras Jover

Efficient Graph Search

Stop when done.

Welcome to Drill Bits, a new column about programming that aims to augment your toolbox and help you write better software. This pilot episode of Drill Bits borrows from the zeitgeist the principle of eliminating needless work. Graphs provide a versatile, unified abstraction for an exceptionally wide range of practical systems, from electronic circuits to social networks. Graph search is fundamental to analyzing graphs and the real-world systems they represent. Do standard graph-search algorithms leave room for improvement? This column drills down on BFS (breadth-first search), which is useful in its own right and as a building block for more sophisticated analyses.

by Terence Kelly