With the popularity of various Internet services, which are now operating in great numbers, an urgent issue has been ensuring the security of user data for each of them. Earlier, at the dawn of the development of Internet technologies, the solution was simple authorization with a username and password and the ability to change the latter using email. The user registered, could create an account and use it to access the functions of the service. Binding in this case was carried out to the mailbox. However, as time has shown, this method was not reliable enough.
Email Binding Issues
With the advent of new services (forums, blogs, social networks), it became clear that such a scheme for protecting visitors' personal data is not reliable enough. For example, after gaining access to a person’s mailbox, attackers can easily change passwords on all the services that he used (using the “Recover password” function, this can be done at all sites). All that remains to be done in this case is only to re-create an
account, which means complete data loss and the need to restore it again.
What is an account on the phone and its protection
So, due to the incomplete effectiveness of email protection, many services have resorted to a new authorization method - using SMS and a user's phone. We have already figured out how data protection using mail works, as well as what an account is. The phone has completely new opportunities for developers, because now everyone has it, and hacking it remotely is almost impossible. It is the phone that is the key connecting the real user with his account, and this is the way the developers of the largest and most advanced projects have gone. Where maximum security was required (social networks, mail services, banking), users began to be shown instructions on how to add an account to the phone and how to log in correctly using your mobile. For some time, working with such a scheme made data protection on the Internet quite effective.
How does account binding work with the phone?
So, how does authorization work using SMS? It should be noted that its basis is a randomly generated code that arrives on the phone and which needs to be driven into the service account. In general, we already know what an account is. The phone should also have the function of receiving SMS messages (and such is in all mobile devices). With its help, the user sees the code that generated the protection mechanism installed on the site and enters it into a special field on the account side. Thus, the customer’s identification takes place: they are compared in real life and as a visitor who has visited the site. Given that the sent code is constantly updated, it is impossible to guess it or pick it up with special programs.
Where phone authorization applies
The scope of SMS authorization is endless. They can be used to protect any information, access to any service. It follows only from how much the connection of such a function will cost the project organizers and whether it will be rational for them. Do not forget that each SMS is paid, although its cost is several times less than the cost of sending for ordinary users. As already noted, such a solution is beneficial when working with Internet banking, with
electronic currencies, with large social networks and various services that provide paid services. And, say, on some information site, where there is only the possibility of commenting on the news, it does not make sense to establish such a degree of protection.
Fraudsters and SMS authorization
Based on the operation of such a data protection scheme, fraudsters soon rushed to create their own earnings scheme. She worked as follows: a service was created to provide certain services (for example, a copy of a social network or a blog about earnings, a site with horoscopes or with the most effective diets), after which visitors came in to get information or register. There was a form on the site stating that the user must go through SMS authorization. Trusting visitors took out a mobile phone and waited for an access code. In fact, it was not authorization that took place, but the registration of the “subscription” service, which implies receiving paid content in return for regular deductions from the balance of the owner’s mobile account. Thinking that he successfully visited the site, the person actually made out access to the paid site. After many complaints, mobile operators stopped this scam. However, during its heyday, millions of rubles were written off from the accounts of deceived website visitors. The most interesting thing is that the user did not know
how to delete an account on the phone (I mean an account with subscriptions). It was possible to refuse the service only by sending stop SMS to a specific number. Now, by the way, the scheme works, but on a smaller scale, since the operators have introduced additional conditions for informing subscribers.
Basic Network Precautions
In order not to fall for the scammers and at the same time protect your data, you need to understand how it works, how it works and in general what an account is. The key to secure authorization lies in the phone, however, it should be completed only on trusted services. For example, it makes sense to protect your Facebook or Webmoney account, while logging in when downloading a file or reading horoscopes is not worth it, it could be a fraudulent site. You simply do not need to do this - you do not leave any data on such a service, you will not earn money on the Internet. Finally, think about the importance of the service for you and your safety. And be extremely careful when providing your phone number to someone and even more so when receiving SMS with a code on it.