Classifieds is introducing two-factor authentication via SMS today. Classifieds requires this verification via short message whenever Classifieds detects suspicious activity or suspects third-party access. Authentication then takes place like this:
Classifieds continues to inform users via email that their account has been blocked due to unusual activity. But the re-activation now takes place via SMS. Short messages send a code to the user via SMS with which they can authenticate themselves in the portal. Only then do you have the opportunity to set a new password.
As a result, the fraudsters lose the advantage they previously gained by accessing the email inbox. And even if the user does not have access to their SMS at the moment, the classifieds account remains blocked for the time being and is therefore inaccessible to criminals.
Authentication takes place exclusively via SMS. Classifieds does not plan other verification solutions such as One Time Passwords (OTP) or apps.
Previous authentication via email had a major weakness
Previously, authentication was only possible via email. It went like this: If Classifieds noticed unusual activity in a user’s account, customer service reset their login details and asked them to enter a new password. The user received this request by email and had to confirm it by clicking on a link provided. The new access data was then set up via the portal.
The problem with this method: If the hackers had gained access to the victim’s email inbox in addition to the classifieds user account, they were able to intercept the notification email and assign new login details themselves.