With the popularity of various Internet services, of which there are a great many now, ensuring the security of the user's data of each of them has become an urgent issue. Previously, at the dawn of the development of Internet technologies, the solution was a simple authorization using a login and password and the ability to change the latter using email. The user registered, could create an account and use it to access the functions of the service. Binding in this case was carried out to the mailbox. However, as time has shown, this method was not reliable enough.
Email binding issues
As new services (forums, blogs, social networks) appeared, it became clear that such a scheme for protecting visitors' personal data is not reliable enough. For example, having gained access to a person's mailbox, attackers can easily change passwords on all services that he used (using the "Recover password" function, this can be done on all sites). All that remains to be done in this case is only to re-create an account, whichmeans a complete loss of data and the need to restore them again.
What is a phone account and its protection
So, due to the incomplete effectiveness of protection by email, many services have resorted to a new method of authorization - using SMS and the user's phone number. We have already discussed how data protection using mail works, as well as what an account is. The phone for developers, on the other hand, has completely new opportunities, because now everyone has it, and it is almost impossible to hack it remotely. It is the phone that is the key that connects the real user with his account, and this is the way the developers of the largest and most advanced projects have gone. Where maximum security was required (social networks, postal services, banking), users began to be shown instructions on how to add an account to their phone and how to properly log in using their mobile. For a while, working with such a scheme made protecting data on the Internet quite effective.
How does linking an account to a phone work
So, how does SMS authorization work? It should be noted that its basis is a randomly generated code that comes to the phone and needs to be entered into the service account. In general, we already know what an account is. The phone must also have a function for receiving SMS messages (and this is available in all mobile devices). With its help, the user sees the code that generated the protection mechanism installed on the site, andenters it in a special field on the side of the account. This is how the client is identified: comparing him in real life and him as a visitor to the site. Given that the sent code is constantly updated, it is impossible to guess it or pick it up with special programs.
Where telephone authorization applies
Scopes of SMS authorization are endless. They can be used to protect any information, access to any service. It should be based only on how much the connection of such a function will cost the organizers of the project and whether it will be rational for them. Do not forget that each SMS is paid, although its cost is several times less than the cost of sending for ordinary users. As already noted, such a solution is beneficial when working with Internet banking, with electronic currencies, with large social networks and various services that provide paid services. And, say, on some information site, where there is only the possibility of commenting on news, it makes no sense to establish such a degree of protection.
Scammers and SMS authorization
Based on the work of such a data protection scheme, fraudsters soon rushed to create their own earnings scheme. It worked as follows: a service was created to provide certain services (for example, a copy of a social network or a blog about earnings, a site with horoscopes or with the most effective diets), after which visitors came there who wanted to receiveinformation or register. The site had a form noting that the user must pass SMS authorization. Trusting visitors took out a mobile phone and waited for an access code. In fact, it was not authorization that took place, but the execution of the “subscription” service, which implies the receipt of paid content in return for regular deductions from the balance of the mobile account of its owner. Thinking that he successfully entered the site, the person actually made out access to a paid site. After numerous complaints, mobile operators stopped such a scam. However, during its heyday, millions of rubles were written off from the accounts of deceived website visitors. The most interesting thing is that the user did not know how to delete an account on the phone (meaning an account with subscriptions). It was possible to refuse the service only by sending a stop SMS to a specific number. Now, by the way, the scheme is operating, but on a smaller scale, since operators have introduced additional conditions for informing subscribers.
Basic Online Precautions
In order not to fall for the bait of scammers and at the same time protect your data, you need to understand how it works, how it works and in general what an account is. The phone holds the key to secure authorization, but it should only be done on trusted services. For example, it makes sense to protect your account on Facebook or Webmoney, while it is not worth going through authorization when downloading a file or reading horoscopes, this may be a fraudulent site. You simply do not need to do this - no data you are on suchYou don’t leave the service, you won’t earn money on the Internet. Finally, think about the importance of the service to you and your safety. And be extremely careful when giving your phone number to anyone, and even more so when receiving an SMS with a code on it.
