With the popularity of various Internet services, which are now functioning a great variety, an urgent issue has been to ensure the security of user data of each of them. Earlier, at the dawn of the development of Internet technologies, the solution was simple authorization with a login and password and the ability to change the latter via email. The user registered, could create an account and use it to access the service functions. The binding in this case was carried out to the mailbox. However, as time showed, this method was not sufficiently reliable.
E-mail binding problems
As new services (forums, blogs, social networks) appeared it became clear that such a scheme for protecting the personal data of visitors is not reliable enough. For example, by gaining access to a person's mailbox, attackers can easily change passwords on all the services that they used (using the "Recover password" function, you can do this on all sites). All that remains to be done in this case is only to re-create the account, which means a complete loss of data and the need to restore them again.
What is an account on the phone and its protection ?
So, in view of the incomplete efficiency of protection by email, many services resorted to a new method of authorization - via SMS and the user's phone. About how the protection of data using mail, we have already disassembled, as well as what is an account. In the phone for developers are completely new opportunities, because now he has everyone, and it's almost impossible to hack him remotely. It is the phone that is the key connecting the real user to his account, and this is the way developers of the largest and most advanced projects have gone. Where maximum security was required (social networks, mail services, banking), users began to show instructions on how to add an account to the phone and how to log in correctly with their mobile phone. For some time working with such a scheme has made data protection on the Internet quite effective.
How the account is linked to the phone
So, how does authorization work with SMS? It should be noted that its basis is randomly generated code that comes to the phone and which must be hammered into the service account. In general, we already know what an account is. In the phone there should be a function for receiving SMS messages (and this is available in all mobile devices). With its help, the user sees the code that generated the security mechanism installed on the site, and enters it into a special field on the account side. This is how the client identifies: comparing it in real life and its as a visitor visiting the site. Given that the code sent is constantly updated, it is impossible to guess it or to pick it up with special programs.
Where to use phone authorization
The scope of using SMS authorization is unlimited. They can be used to protect any information, access to any service. To proceed here follows only from how much connection of such function will cost to organizers of the project and whether it will be rational for them. Do not forget that every SMS is paid, although its cost is several times less than the cost of sending for ordinary users. As already noted, this solution is beneficial when working with Internet banking, with electronic currencies, with large social networks and various services that provide paid services. And, say, on some information site, where there is only the possibility of commenting on news, there is no point in establishing such a degree of protection.
Scammers and SMS Authorization
Based on the work of such a scheme of data protection, scammers soon hastened to create their own scheme of earnings. She worked as follows: a service was created to provide certain services (for example, a copy of the social network or blog about earnings, a site with horoscopes or with the most effective diets), after which visitors visited who wanted to receive information or register. On the site there was a form indicating that the user must undergo SMS authorization. Credulous visitors took out a mobile phone and waited for the access code. Actually, there was not authorization, but the registration of the "subscription" service, which implies getting paid content instead of regular deductions from the balance of the mobile account of its owner. Thinking that he had successfully visited the site, the person actually made out access to the paid site. After a lot of complaints mobile operators stopped such a scam. However, during its heyday, millions of rubles were written off from the accounts of deceived website visitors. The most interesting thing is that the user did not know how to delete the account on the phone (meaning an account with subscriptions). To refuse service it was possible, only having sent stop-sms on certain number. Now, by the way, the scheme operates, but on a smaller scale, since operators introduced additional conditions for informing subscribers.
Main precautions in the network
In order not to fall for the bait of scammers and at the same time to protect your data, you need to understand how it works, how it works and what the account is all about. The phone has a key to secure authorization, but it should only be passed on trusted services. For example, to protect your account on Facebook or Webmoney makes sense, while you do not need to authorize when downloading a file or reading horoscopes, it could be a fraudulent site. You simply do not need to do this - you do not leave any data on such a service, you will not earn money on the Internet. Finally, think about the importance of the service for you and your safety. And be extremely careful, giving your phone number to anyone and even more so getting on it a text message with a code.