Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Telstra outage shows a weakness in two factor authentication

Telstra outage shows a weakness in two factor authentication

2fact

Telstra recently suffered an outage in its network thanks to an unexpected fire in one of its exchanges located in Chatswood, New South Wales. For a couple of hours, and mostly (but not exclusively) if you were in NSW and on Telstra’s network, you may have had limited access to calls, mobile data and texts.

That’s annoying, but to pour a little salt into the wound, the erratic status of the network also meant that some text messages, rather than sitting around waiting to be delivered to their intended recipients, went to the wrong numbers entirely. Social media comedy ensued, and Telstra halted texts across the network to sort matters out. Eventually, normality returned to its mobile network.

One of the odd side effects of the outage could have hit you, as it did me, if you were trying to log into any service that requires two factor authentication.

As a quick refresher, two factor authentication logins require two elements for verification for a given online service. The idea is that even if you’ve used a common password, or for that matter inadvertently given your password away, your accounts will still be secure because that second factor acts as an effective second lock for your data, whether that’s an online storage service for your private photos or the contents of your bank account.

Quite commonly, because access to them is near universal, services that require two factor authentication will do so by getting you to log into a service, and then verify your identity by way of a one-time code delivered as an SMS.

In my case, I was setting up a password manager whose vault was stored in an encrypted fashion on a cloud service. For that kind of data, which controls access to all sorts of services I use on a daily basis, the inclusion of two factor authentication is generally a big plus, because I’d rather have that secondary lock.

Except, of course, when the second lock doesn’t actually have a key. To my benefit, the way the SMS key was sent through gave no indication as to what service it was for or any of my own details, so if it was mis-sent to somebody else, it would be merely baffling rather than a way into my accounts. That should be standard for any decent two factor authentication service.

So what can you do in a circumstance where a second factor such as an SMS can’t be procured? It depends on the service. Some will allow other factors to be enrolled, such as biometric fingerprint or iris recognition services, or a message sent to a specific email address, but typically those services do have to be set up in advance.

Most will allow you to tell the service that you can’t access the preferred authentication factor — because, say, you’ve lost your phone or similar — but this typically involves a slower authentication verification process. Again, that’s actually sensible policy, because the last thing you’d want is a miscreant who had conned you out of a password being able to rapidly change the two factor authentication method in use to a method they could easily access. If that happens, the locks that are meant to keep them out could easily keep you out instead.

In my case, while it was less than vital, I made do with accessing my password manager on another device that was already authorised and just painstakingly copying passwords across character by character. Less than ideal, but after a couple of hours wait, with the network back up again, the relevant verification codes came flooding in, and I had access again. Sometimes a little patience can be the best solution.

FacebookTwitterGoogle+Share

Recent News

fibre

You don’t need to stick with your current Internet Service Provider when you switch across to the National Broadband Network, but your ISP will do its best to twist your arm. While the NBN aims to offer many Australians decent broadband for the first time, for the country’s ISPs it’s a once-in-a-generation game of musical… More 

Fotolia_73676056_M

The Australian Transport Safety Bureau (ATSB) recently issued a general warning around the use of electronic gadgets inflight after an incident where a passenger’s headphones exploded inflight en route to Melbourne from Beijing. They didn’t release a whole lot of additional details regarding the make or model of the headphones, or whether there were any… More 

finance

If your paperwork piles up while you’re away from your desk then it might be time to streamline your business with a cloud-based finance package. Paperwork is one of those necessary evils when you run a business. You might prefer to spend all your time focusing on your passions, but the business won’t get far… More 

nbn

For years now we’ve been promised a bright shiny NBN future of broadband for all. It’s been bogged down by political boondoggles (no matter which side of the political fence you sit on) and an often significantly delayed rollout schedule, but the reality of the NBN is starting to hit more and more Australians as… More