
One-time passwords raising concerns over phishing attacks, SIM swapping


A person types on a keyboard on Thursday, June 6, 2024, in Portland, Ore. (AP Photo/Jenny Kane)

One of the most convenient ways to log into an app has cyber security professionals concerned, with some saying one-time passwords should go away completely.

Some experts say these passwords, when they are sent via text, are more vulnerable to phishing attacks and SIM swapping. But others say that, despite the safety concerns, how you protect yourself is more important.

Amanda Fennell, an adjunct professor at Tulane University and cyber security expert, said that one-time passwords act as a secondary way of authenticating your security.

"So it would validate that they either have the email like access their email or SMS and a text message," Fennell said.

She said that, just like many things, one-time passwords are vulnerable to cyber criminals, for example when the text message is initially sent.

"That exchange right there is an opportunity for someone to exploit because they may have the phone, they may have their email," said Fennell.

Fennell believes we are moving towards a passwordless society, but we're not there yet, which is why one-time passwords are still necessary.

"Absolutely. We want to go to a passwordless realm. Is everybody ready for it? No. So in the meantime, we have to make do with what we have," said Fennell.

Rajiv Garg, a professor of information systems at Emory University, recommends an authenticator app, instead of SMS, as one better option for security.

"You have to log in or go on the app and it's going to give you a one-time password and then you enter," Garg said.

At the very least, he said, set up two-factor authentication.

"You will log in with your password, a code will be sent, you enter the code after your password is validated and then you're able to log into the system," Garg said.
