Samsung has undoubtedly removed security rabbits from the hat so far in 2020. Perhaps the revelation that Samsung Galaxy S20 smartphones will come with a dedicated secure element, a security chip, will be the highlight. The Android smartphone giant now offers mandatory two-factor authentication (2FA), with millions of users likely to benefit from this security update.
Who gets the compulsory 2FA?
This safety surprise may not be so surprising to those of you who have followed my advice to use 2FA whenever possible. I have been using 2FA as an additional layer of security to protect my Samsung account since its introduction. What has changed, however, is that the Samsung Account app has now been updated to include a mandatory requirement of 2FA. Once your Samsung Account app has been updated to version 11.1.01.3, all account logins will require this secondary layer of authentication.
The mandatory requirement of 2FA will apply to new and existing account holders. They will have to enter a one-time code when connecting, whether or not they have already activated 2FA. The slight flaw in the security ointment is that these existing account holders will not be “forced” into the 2FA process as long as they stay connected. It is only after they have logged out of the account that starting 2FA will be mandatory the next time they try to connect. Personally, speaking like an avowed security geek, I would be happier if force was applied. I prefer to see everyone disconnected from their accounts after updating the application and therefore required to re-authenticate and be part of the 2FA family. Any attacker, however, will need to enter a 2FA code which he does not have access to if he tries to access your account, so security is maintained during the mandatory migration process.
Is 2FA the security messiah?
While such 2FA account access requirements will not avoid you from all security threats, like the critical Android root vulnerability that emerged earlier this week or hacking, it is quite unlikely, from $ 5 SurfingAttack, it is not to sniff. With the immediate availability of standard phishing kits on the dark web and the large number of data breaches that expose login data, passwords are a known weak point. Especially when they are reused on multiple accounts, as many still do or built in such a way that they are not strong enough in the first place. By the way, the FBI, of all people, has good advice for solving the password building problem that is worth reading.
Activate 2FA without waiting for the Samsung Account app update
While it is not clear at this point how long it will take for the Samsung Account app update to roll out worldwide, I would advise readers to get ahead of it and make sure you have activated 2FA anyway. You can check the version of your account application by going to Settings | Accounts & Backup Accounts and selecting your Samsung account. From here, use the vertical ellipsis menu to select “About Samsung Account” and find out if an update is available for you. Otherwise, go back and select the “Password and security” option from which you can activate 2FA anyway. Once you’ve entered your password or used your fingerprint to access the 2FA options, you can then follow the simple instructions to get that vital extra layer of protection added to your account. You will be delighted to learn, I am sure, that there is an option to use an authentication application rather than relying on the much less secure code provided by SMS on the 2FA route from your smartphone.