Why is OTP not secure?

Hello Fam,

In today's digital landscape, when all your spending needs are driven online, safeguarding your money is crucial. At Fam, we always consider protecting your money as a non-negotiable and the most important to us over all other responsibilities you have trusted us for!

Until today, you could login to your FamX account with One Time Password (OTP) which we agree is quite easy but allow us to tell you how it compromises with the safety of your money.

The previous OTP method left users vulnerable to social engineering tactics. We have seen many cases where FamApp users receive a message on WhatsApp from an attacker claiming to be an employee at FamApp, offering a reward of Rs. 10K or GPRC give away. The "representative" requests personal details, including an their mobile number & the OTP sent to their phone. They assumed it's legitimate and got tricked. Next thing you know, the attacker enters their account, accessed their FamX account and took out all their money.

Understanding Social Engineering:

Social engineering is a psychological manipulation technique used by cybercriminals to trick individuals into divulging confidential information. It preys on human vulnerabilities, such as trust and curiosity, to gain unauthorized access to accounts or sensitive data.

To prevent this to happen to any of our FamApp users, and to make sure your money is completely safe, we're rolling out Two-Factor Authentication (2FA) on FamApp, because protecting your hard-earned money is non-negotiable. Let's delve into why this step is crucial and how it works.

Understanding 2FA:

2FA or Two Factor Authentication is a security process that requires two authentication methods to gain access to an account. It adds an extra layer of protection beyond just a password. Think of it as having both a key and a combination lock on your vault.

How It Works on FamApp:

  1. SIM and Device Binding: This involves uniquely binding your device to registered phone number. This involves sending an SMS from your registered phone number to us to verify your identity.
  2. Email Verification: As part of additional security step we verify your email id too.

Why 2FA Is Your Shield:

  1. Enhanced Security: By requiring multiple forms of authentication, 2FA significantly reduces the risk of unauthorized access. Even if a hacker obtains your phone number, they'll still need access to your SIM card and email to breach your account.
  2. Protecting Your Assets: Your FamApp account houses your financial resources. Implementing 2FA ensures that your funds remain secure and inaccessible to malicious actors.
  3. Combatting Social Engineering: 2FA acts as a barrier against social engineering attacks. Even if you're tempted by enticing offers or urgent requests for information, the additional authentication step provides an extra layer of defense.

FAQs

What happens if I don't have access to my SIM card or email during login?
In such cases, you will encounter difficulties accessing your account. It's essential to ensure that you have access to both your SIM card and email for seamless authentication. Even during the OTP login system, you would still need access to your sim card to enable UPI payments on FamApp, so that hasn't changed. We have just introduced this step during the entry-point to keep your funds safe.

Can I disable 2FA if I find it inconvenient?
At FamApp, we prioritize the security of your account. Disabling 2FA is not an option, as it significantly enhances the protection of your funds and personal information and is just a one-time action.

I'm having trouble receiving the silent SMS. What should I do?
If you're experiencing issues with receiving the silent SMS on iOS, ensure that your device has an active internet connection and try sending the SMS again. If the problem persists, reach out to our support team for assistance.

Is 2FA mandatory for all users?
Yes, 2FA is mandatory for all users on FamApp. We're committed to ensuring the highest level of security for our users, and 2FA is a crucial component of our security measures.

Can I use the same email address and mobile number for multiple FamApp accounts?
No, each FamApp account must be associated with a unique phone number & email address. You can only use one account on your device and the same person cannot have more than one account.

What should I do if I suspect unauthorized access to my account despite having 2FA enabled?
If you suspect unauthorized access to your account, immediately change your password, revoke access to any connected devices, and contact our support team for further assistance. We take security incidents seriously and will investigate the matter promptly.

I've lost my phone with the SIM card linked to my FamApp account. What should I do?
If you've lost your phone with the linked SIM card, contact your mobile service provider to deactivate the SIM card. Additionally, reach out to our support team to assist you in securing your account and updating your authentication methods.

Remember, if you have any further questions or concerns regarding 2FA or any other aspect of FamApp, don't hesitate to reach out to our dedicated support team at support@famapp.in. We're here to help ensure a secure and seamless experience for all our users.

Until next time. Till then, Stay Vigilant, Stay Secure.