Two-factor authentication does not save Russians from phishing: expert explains the reason

The level of digital security among the population remains low

Two-factor authentication (2FA) is considered a reliable way to protect accounts, but, as practice shows, it does not always cope with modern cyber threats. IT expert Konstantin Larin from Bastion explained why even with 2FA, Russians remain vulnerable to phishing attacks.

According to Larin, only 40-50% of Russians use two-factor authentication to protect their accounts. In the corporate environment, this figure is higher — 60-70%, but overall, the level of digital security among the population remains low. Most users choose the simplest 2FA methods, such as codes via SMS or one-time passwords, which become an easy target for scammers.

The expert noted that phishing remains the most common way to bypass 2FA. Scammers send victims messages with malicious links that lead to fake pages. Users, unaware of the deception, enter their logins, passwords, and codes from SMS, thereby transferring the data to attackers.

Larin emphasizes that the main reason for successful attacks is human trust and inattention. Users often do not check whom they are granting access to their data, and they enter codes on fake sites. This is what reduces protective mechanisms to a formality and makes them ineffective.

In addition, many Russians do not use 2FA for various reasons: some consider this measure redundant, some simply do not know about it, and some do not understand how it works. The habit of using the same passwords for different services also remains common, and the risks of data theft are perceived as something abstract until a real incident occurs.
