TeenSafe, an Android/iOS app designed to help parents monitor their kids’ internet and phone use, left tens of thousands of accounts open and unprotected.According to a report from ZDNet, the online activity monitoring app left at least two of its servers that were hosted on Amazon’s cloud service completely unprotected. This meant anyone who happened to stumble across them could access the information stored within the app. Worse yet, there was no password needed. The exposed servers included email addresses from both parents and children, Apple IDs and passwords, and unique device identifiers. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.
What is two-factor authentication, anyway?
Two-factor authentication (2FA), is a method of confirming a user's claimed identity by utilizing a combination of two different factors: 1) something they know, 2) something they have, or something they are. In other words, using a password is the first step, or factor. An additional factor would be a unique code, key fob, ID card, token, thumbprint or even a retina scan. The point is to have at least two factors to ensure you are who you say you are online.
Two-factor authentication is recommended for added security because it takes the pressure off passwords by requiring another layer of security.. That extra step makes it harder for hackers to breach your information.