The vulnerability of this method is that when a message containing a code is sent to the user’s phone to confirm the login process, this message can be intercepted by attackers. Even though this is two-factor authentication, this method has a flaw.
According to Chashchin, the less convenient but most secure way to log in is to generate a one-time code from a special TOTP app. It is technically impossible to intercept such code; Physical access to the device is required.
The expert also touched upon the issue of biometrics. He stated that although it is a reliable method, many users are afraid to give their biometric information to log in to Gosuslugi and other services. In fact, images, such as faces, are not stored in “pure” form, but simply as a set of characters protected by various types of encryption. But this method regarding “Government Services” is not the most convenient: you can access the portal only from a computer or laptop.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
