LabsMobile news

LabsMobile increases the platform’s security

Mar 10, 2021
LabsMobile increase security
LabsMobile increases the platform’s security
5 (100%) 28 votes

In 2021, LabsMobile increases the security of the platform due to the exponential increase of online fraud cases. To protect the clients’ data and their credits, we have activated 2FA authentication. In this way, non-authorized accesses will be stopped. 

History

In the last year, with the COVID-19 pandemic, we have seen an exponential increase in the cases of SMS phishing and our platform hasa been a target for the last few months. We have suffered attacks and unauthorized accesses not allowed every day. 

We should note that forbidden access can see all the data of the account (delivery history, databases, etc).Besides, they can use the available credits and they can purchase credits or even use up to the limit of the stored cards.

LabsMobile’s Solutions 

LabsMobile’s agreements with operators make them implement every available method to avoid non-desired or fraudulent messages. Not complying with these clauses or sending mass messages with fraud or phishing practices can harm LabsMobile in the form of sanctions, cancellation of agreements, or even complete blocking of routes. 

So, access not allowed or even losing a password poses a risk for our clients and our platform, too. Then, we need to address and mitigate these risks, and 2FA authentication can increase security and avoid these risks.

We understand that this measure is a bit annoying for our clients but it’s for their safety and protection of their data. Many other digital platforms and financial institutions have already adopted these measures and they are likely to become standard in the near future. 

You need to take into account that, once you have logged in, this access lasts for more than 24 hours.

What is 2FA authentication in LabsMobile? 

When defining 2FA (Two factor authentication) you need to understand that login in has 2 steps, validating your identity. You need to prove you have authorization to access the account. 

The most used methods for authentication for this type of processes are: 

  • Safe password (longer than 8 characters with symbols).
  • Temporary code (sent via SMS, email, app) and it expires in just a few minutes.
  • An app that randomly generates codes (as Googe Authenticator). 
  • In-app validation (validation of an independent mobile app by reading your fingerprint, facial recognition, or an independent password). 
  • Coordinate card (with a collection of unique codes). 
  • Having a hardware device (a validation button or USB that is only useful if it’s connected to the device that intends to access the account). 

 

LabsMobile has adopted the first three as methods for its authentication process.

What does LabsMobile authentication consist of? 

Once the user has entered (using the email or username and password), then you need to introduce the 2FA code (double-factor authentication code). This code will be sent via email (by default) and it’s also possible to receive the 2FA code via SMS or using the Google Authenticator app. 

Using an authentication process it’s possible to resend the code and change the delivery method. After 5 failed tries, the access is blocked for 24 hours. You’ll need to contact our Support Center to unblock the access and verify that there’s no problem with the settings of the account. 

How does 2FA authentication work?

Accounts that are obliged to log in via 2DA in WebSMS are:

– Accounts that have the LabsMobile design (not for white label). 

– Accounts that have signed a service contract (have introduced the billing data and have validated a mobile phone). 

– Accounts that have not signed the contract yet but have manually activated 2FA.

Cuentas que tengan el diseño LabsMobile (no para las de marca blanca).

LabsMobile increases the platform’s security

The Process:

The process is the following: 

  • When introducing a valid user and password, you’ll see a screen where to introduce the 2FA code. 
  • The code is sent to the device set by default in the section “Security and passwords” of your account. If you have not selected any, your email address will be set by default.
  • It’s possible to do a resend and a change of method after 60 seconds.

To remember: 

* There’s a maximum of 5 failed attempts within 24 hours. If you reach this maximum, no 2FA will be sent within 24 hours. You’ll need to contact support to enable access again or wait 24 hours. 

* 2FA codes sent by SMS or email are valid for 30 minutes. 

Conclusion

LabsMobile’s platform is safer now and so is the information stored in our clients’ accounts. This important data will not be compromised even if you forget or lose your password. 

LabsMobile is seriously committed to maintaining SMS as a useful and efficient channel of communication, free of fraud and unsolicited messages.