With two-factor authentication, users can additionally secure their online accounts. However, many apps that are supposed to help with this are themselves insufficiently secured, experts warn.
Many smartphone apps for two-factor authentication (2FA) are insecure, security researchers report. The applications, which generate one-time passwords as a second factor alongside the actual password for logging in to user accounts, often allow screenshots to be taken, reports the specialist portal “Golem.de”, a fact that is already being exploited by malware.
Apps that have not implemented screenshot protection include popular applications such as Google Authenticator and Microsoft Authenticator. With these apps, the experts could easily take screenshots in a short test.
If you want to be on the safe side, you should use an app like the free and open source Android application “andOTP”, which is already protected against screenshot attacks that aim to grab the one-time password (OTP). Another option for providing a second factor for logins is a security USB stick (U2F), which is simply plugged into a computer or notebook.
The screenshot problem is said to have been known since 2014. According to the security company Nightwatch, it last reported the problem to the affected companies in 2017. After the gaps had gone unfixed for years, the security researchers published their findings in early March.