Double authorization or security of the VK page. Setting up an application for generating codes in VK

We have already talked about hacking a VKontakte page (see how to hack a VKontakte page). Attackers can find out your login and guess your password (see how to find out your password if you know your VKontakte login). And then they will be able to visit your page.

To prevent this from happening, VKontakte introduced an additional security measure - double authorization (two-factor). The meaning of this function is that after entering your login and password, you also need to indicate the secret code received via SMS or other means. Thus, the likelihood of hacking is reduced significantly. Even if attackers know your credentials, they won't have the code to log into the page.

Now I will show you how to activate double authorization on VKontakte and set up an application for generating codes.

How to enable two-factor authentication on VKontakte?

Go to your page and go to the “Settings” section.

Open the “Security” tab. Here in the “Login Confirmation” section, click the “Connect” button.

A form will open - in it, click the “Proceed with configuration” button.

You will be asked to re-enter the password for the page (see how to change the password in a contact). Do this and click the "Confirm" button.

Receive the code on your phone and enter it in the form. Then click the "Submit Code" button.

Setting up an application for generating codes

The next step is setting up the application to generate codes. You are offered to install an application that will allow you to generate login codes, even without connecting to a cellular network.

Use Google Authenticator for iPhone and Android smartphones. And Authenticator - for phones in Windows Phone. Install the appropriate application on your gadget.

This is what a window with a QR code and a secret code in VK looks like.

Now launch the installed application and scan the specified code.

Now paste the received code from the application and click the “Confirm” button.

The code generation application has been successfully configured!

You will be taken to the Security tab. Now you can do the following operations here.

Change your phone number (see how to unlink a number from a VK page);
Show a list of backup codes;
Set up an application for generating codes;
Configure application passwords;
Disable two-step authentication on VKontakte.

Video lesson: two-factor authentication on VKontakte

(1 participants, average rating: 5.00 out of 5)

vksetup.ru

VKontakte login confirmation

So, the next update is the “Login Confirmation” function, and today we will do a full review of it. We'll tell you how it works, how to enable it, configure it or disable it.

Each registered user wants to save his personal data, which is used when logging in, and does not want his personal documents (photos, correspondence, etc.) to become public. This is why the developers of the social network are doing everything to prevent this from happening.

What is login confirmation

Login confirmation provides an additional level of protection for your VKontakte page from hacking. When using this function to access the page from unregistered browsers and devices, in addition to the password, you will need to enter a security code.

The code can be obtained using the phone number linked to your page.

Attention! When login confirmation is enabled, the password recovery service by phone number becomes unavailable. Therefore, we strongly recommend that you attach a current e-mail to the page, indicate your true first and last name, and upload your real photos as the main ones before continuing with the setup.

How to connect login confirmation to VK

To enable this option, you will need to go to the “Settings” menu item and there, on the “General” tab, find the “Your Page Security” section.

By clicking on the “Connect” button, a system window will open in front of you, where you will need to click “Go to settings”. Next, the system will ask you to confirm your action by entering a password:

By entering your password and clicking on the “Confirm” button, you will launch this option. But, do not forget that after connecting it, one mobile number for password recovery will not be enough. You will need to submit your application for consideration by moderators.

If you have any questions, ask them on our vk.com forum and our moderators will answer you as soon as possible!

VKontakte login confirmation, 4.8 out of 5 based on 4 ratings

socialnie-seti.info

The social network VKontakte has strengthened account protection

The official group “Administration of VKontakte communities” described on its page how you can activate a new feature designed to enhance the security of user accounts. The innovation will be especially useful for administrators of large communities. It is no secret that their pages are especially often hacked in order to take over the communities that belong to them.

– You can activate the new function in the “My Settings” menu, the “General” tab, the “Your Page Security” group of settings. Opposite the “Login confirmation” item, click the “connect” button.

Login confirmation adds a new level of verification when authorizing on the site. To access the page, it is no longer enough to provide the correct login and password; you must also enter a special confirmation code.

You can receive a confirmation code via a free SMS to the mobile number linked to your page, or set up and use a special application for your smartphone. It is also recommended to print out a list of backup codes so that you can use them if something happens to your mobile phone.

The confirmation code is valid only once, so even if your login, password and the code used are spied on or intercepted, you still won’t be able to access the page with their help, says a message on the official page of the “administration of VKontakte communities.”

If you remember this browser during authorization, later to log in from it you will only need to enter your login and password (the code will no longer be required).

You can reset verification codes on all devices (or just the current one) whenever you want. In this case, the next time you try to log in, the system will ask you for a confirmation code again.

It is also reported that in the event of a SIM card theft, login confirmation will protect against possible hacking of the page.

– If additional confirmation is enabled, then instead of quick password recovery via SMS, password recovery by e-mail will be used. Thus, in order to gain access to the page, the hacker will need to simultaneously steal your SIM card and also find out the login and password for your personal page or mailbox.

It is almost impossible to do these things at the same time, says the official page of the “administration of VKontakte communities.”

It will be possible to regain access to a page if the user has forgotten the password for it, as well as his email, or, say, has lost his mobile phone and backup data, only using the “access recovery form.”

– Therefore, we strongly recommend that you design your page in accordance with the site rules: indicate your true first and last name on it and upload real photographs as the main ones. Otherwise, the site administration will not be able to return it to you in order to ensure the requested level of security, reports “Administration of VKontakte Communities.”

An example of a properly designed page

An example of an incorrectly formatted page

Double authorization or VK page security

In 2014, the social network VKontakte introduced two-factor authentication. What is this? This is an additional security feature - in addition to authorization using a login and password, you must enter a code that will be sent to the phone number associated with your account. Even if an attacker has data from your page, he will not be able to get into it.

How to activate two-factor authentication?

Click “My Settings” and select the “Security” tab. Here you will see the “Login Confirmation” subsection and the inscription: “Provides reliable protection against hacking: to enter the page you must enter a one-time code received via SMS or other connected method.” Click on the “Connect” button.

A window will appear that describes some situations. For example, if two-factor authentication is enabled, then password recovery by number becomes unavailable and the administration strongly recommends linking a current email address to the page. If you are satisfied with everything, click on the “Proceed with setup” button.

Enter the password for the page.

Enter the confirmation code and click “Send code”.

The function is enabled. Place a checkmark next to “Remember current browser” so as not to enter the code on this computer every time, then click on the “Finish setup” button.

How to disable two-factor authentication?

Still in the same “Security” section, click on the “Disable login confirmation” button.

Enter the password for the page.

The popular social network VKontakte tightened the rules for registering accounts several years ago. Now, in order to create a page, the user must indicate a valid mobile phone number, to which a message with a code will subsequently be sent.

Only after entering the resulting digital value will it be possible to create an account and use it. However, there are a number of effective ways to register in a contact without a phone number

. I will tell you more about them in this article.

So, mistake number 1. Static secret key.

To connect an OTP generation application to his account, the user enters a password, after which a page opens with the secret key necessary to issue a software token. So far so good.

But if for some reason the user did not activate the software token immediately (for example, he was distracted by an important call, or simply changed his mind and returned to the main page), then when after some time he decides to receive the token, he will again be offered the same secret key.

What makes the situation worse is that within half an hour after entering your password, even if you went to the main page or logged out of your account and then logged in again, the password is not requested again before the QR code with the secret is displayed.

Why is this dangerous?

The VKontakte token, like any other TOTP token, works on a fairly simple principle: it generates one-time passwords according to an algorithm based on two parameters - time and a secret key. As you yourself understand, the only thing needed to compromise the second factor of authentication is to know the SECRET KEY.

Such a vulnerability leaves two loopholes for an attacker:

If the user walks away from the computer, the attacker will have enough time to compromise his private key.
Having taken possession of a user's password, an attacker can easily spy on his secret key in advance.

Solving the issue is simply simple. The secret key must change every time the page is updated, as happens, for example, on Facebook.

How to register in VK without a phone

VKontakte registration follows a specific template, with the main step being the link to the user’s mobile phone number. It is not possible to skip it, since otherwise it will not be possible to create a page.

But the system can be deceived, and there are at least two ways to do this:

using a virtual number;
indication of a current Facebook page.

Each of the listed registration options provides a specific algorithm of actions, following which you can count on quickly creating an account and access to all options of the Vkontakte social network.

1.1. Registration in VK using a virtual number

You can complete the registration procedure on social networks using a virtual number for receiving SMS. To do this, it is best to use the recognized international service Pinger (the official website address is https://wp.pinger.com).

Step-by-step registration in the service is as follows:

1. Go to the site, select “TEXTFREE” in the upper right corner of the options screen.

3. We go through a simple registration procedure for the service by first pressing the virtual “Sign Up” button. In the window that appears, indicate your login, password, age, gender, email address, and the displayed alphabetic abbreviation (“captcha”).

4. If all previous steps have been completed correctly, click on the arrow in the lower right corner of the screen, after which a window will appear with several phone numbers. Choose the number you like.

5. After clicking the arrow, a window will appear in which received messages will be displayed.

You can always view the selected virtual phone number in the “Options” tab. When registering in VK using the method under consideration, you should enter the USA in the country selection field (the international code of this country begins with “+1”). Next, enter the virtual mobile number and receive a registration confirmation code. You may need your Pinger account later if you lose your password, so you shouldn’t lose access to the service.

At the moment, creating an account using a virtual number service is considered one of the fastest and most effective methods of registering on social networks. Its main advantage compared to other options is anonymity, because a virtual phone number cannot be tracked or proven that it is used by a specific person. However, the main disadvantage of this method is the impossibility of restoring access to the page if access to Pinger is lost.

IMPORTANT! Many Internet users have difficulty completing the registration procedure in foreign virtual telephony services. This is due to the fact that many providers block such resources in order to prevent illegal activities on the World Wide Web. In order to avoid blocking, there are several options, the main one of which is changing the computer’s IP address to a foreign one. In addition, you can use anonymizers, for example, the Tor browser or the ZenMate plugin.

If you're having trouble using Pinger, there are a ton of services online that provide virtual phone numbers (e.g. Twilio, TextNow, CountryCod.org, etc.). A number of similar paid services with a simplified registration procedure are also actively developing. All this allows us to say that virtual telephony has solved the problem for many users of how to register in VK without a (real) number.

1.2. Registration in VK via Facebook

The social network “Vkontakte” is one of the most advertised Russian sites, which is in demand far beyond the borders of the Russian Federation. The desire of the owners of this resource to cooperate with other world-famous social networks, in particular with Facebook, is quite justified. As a result, page owners in the mentioned service have the opportunity to simplify Vkontakte registration. For those who do not want to “share” their data, this is a unique chance to register on VK without a phone and deceive the system.

The algorithm of actions here is quite simple and the first thing you should do is use an anonymizer. It’s best to go to the “Chameleon” service, since the start page already has links to all popular social networks or dating sites in Russia. This resource allows you to access pages on Odnoklassniki, VKontakte, and Mamba, even if they are blocked by the site administration.

Many people will naturally ask why they need to use anonymizers. The VKontakte social network automatically recognizes from which country you came to the registration page. This is roughly what the registration procedure looks like for residents of Russia and most post-Soviet countries:

And this is what the same page looks like, but if you access it outside the Russian Federation:

In the lower right corner of the screen there is a discreet Login with Facebook

. Click on it, after which a window for entering your email address and password will instantly appear:

After filling out the fields, you will be redirected to your own VKontakte page, which you can subsequently edit at your discretion. To implement the presented method, you need a page on Facebook, but the procedure for creating an account there does not require entering a mobile phone number (only an email address). Facebook registration is one of the most understandable, as a result of which it will not cause any particular difficulties even for an untrained computer user.

According to the latest rumors, the foreign analogue of Vkontakte is going to tighten the rules for using the resource, so the described method may soon become obsolete. But for now, Facebook remains an accessible way to register on VK via email without a phone number. Its advantages are quite obvious - anonymity and simplicity. It also takes a minimum of time to create a page, especially if you already have an account on Facebook. The method has only one drawback: it is the impossibility of restoring data lost by the user (password to log into the account).

1.3. Registration in VK via email

Many users are concerned about the question of how to register in VK via email

. Previously, one email account was enough to create an account, but since 2012, the management of the social network introduced a mandatory rule for linking to a mobile phone. Now, before specifying an email address, a window pops up asking you to enter a mobile number, to which a message with a personal code will be sent within 1-2 minutes.

Previously, many users indicated an 11-digit landline number instead of a mobile phone, launched the “Let the robot call” function, and then created a page using the code suggested by the computer. The main advantage of this method was the ability to register on Vkontakte for free and an unlimited number of times. In practice, it turned out that an endless number of pages were registered on the same landline number from which spam, offensive messages or threats were sent. Due to user complaints, the administration of the social network was forced to abandon the option of creating an account through landline phones, leaving the ability to receive the code only on mobile networks.

No matter what anyone claims, today it is impossible to register in VK via mail without a mobile phone number

. At the same time, full access to the email account must be provided, since with its help there is an additional opportunity to recover a lost password or receive up-to-date news about innovations on the social network. Email may also be needed if a page is hacked. By sending a corresponding request to the technical support service, a letter will promptly be sent to your inbox with instructions on how to restore access.

To summarize, it should be noted that the topic of how to register on VKontakte for free, without a real mobile phone number and entering personal information, is rapidly gaining momentum. Increasingly, hundreds of programs are appearing on the Internet to hack or bypass established registration rules. Most of them are spam or malicious viruses that do no good in solving the problem. The VK administration is making great efforts to reduce the number of fake accounts and protect its users. As a result, only the two listed methods of creating pages without specifying a personal phone number are considered effective.

If you know other options on how to register in VK without a number, write in the comments!

We have already talked about hacking a VKontakte page (see). Attackers can find out your login and guess your password (see). And then they will be able to visit your page.

To prevent this from happening, VKontakte introduced an additional security measure - double authorization (two-factor). The meaning of this function is that after entering, you also need to indicate the secret code received via SMS or other means. Thus, the likelihood of hacking is reduced significantly. Even if attackers know your credentials, they won't have the code to log into the page.

Now I will show you how to activate double authorization on VKontakte and set up an application for generating codes

macOS

Requires El Capitan operating system or higher.

Click on the apple icon in the upper left corner of the screen, select “System Preferences” → iCloud → “Account”. You can speed up the process by searching for iCloud in Spotlight Search. Then click the Security icon and enable two-factor authentication.

You can choose how Apple confirms sign-in: with a six-digit code in a message or a phone call.

How to enable two-factor authentication on VKontakte?

Go to your page and go to the “Settings” section.

Open the “Security” tab. Here in the section, click the “Connect” button.

A form will open - in it, click the “Proceed with configuration” button.

You will be asked to re-enter the password for the page (see). Do this and click the "Confirm" button.

Receive the code on your phone and enter it in the form. Then click the "Submit Code" button.

Setting up an application for generating codes

The next step is setting up the application to generate codes. You are offered to install an application that will allow you to generate login codes, even without connecting to a cellular network.

Use Google Authenticator

for iPhone and Android smartphones.
And Authenticator
- for phones in Windows Phone. Install the appropriate application on your gadget.

This is what a window with a QR code and a secret code in VK looks like.

Now run the installed application and scan the specified code.

Now paste the received code from the application, and click the "Confirm" button.

The code generation application has been successfully configured!

You will be taken to the Security tab. Now you can do the following operations here.

The largest social network VKontakte has introduced two-step authorization on the site. Now, if the user wishes, in addition to entering a login password, he can protect his account by entering a PIN code. The VKontakte PIN code will provide better protection of your data from hacking. How to activate and correctly configure the “Login Confirmation” function of VK. You can also find out how to use this function correctly by reading our article.

So, let's get you up to speed. The developers have been seriously concerned about the problem of protecting the personal data of their VK users for a long time. At first, hacking the page was a piece of cake, but over time, security methods became more and more complex. And now in the battle of hackers against Contact there has been a serious advantage in favor of the latter.

After linking the account to a mobile phone number, the developers managed to significantly reduce the wave of page tampering. Soon the same developers optimized everything that had been developed over the years - by entering a PIN code for VK. Now everyone who has a VKontakte account can set up the PIN code function. Thus, the user receives double protection for his account.

To authorize, in addition to filling out the login and password fields, you will need to enter a special code that will be sent to you via a free SMS message. Naturally, this SMS will be linked to the number of your mobile operator. If you don’t want to bother with SMS messages, then you can use a special application for your smartphone - a code generator for VKontakte. It is also strongly recommended to copy yourself a list of backup codes that you can use if you don’t have your phone at hand. You should immediately reassure some “lazy” users - the PIN code comes only upon your request and only after you activate this function.

In order to enable “Login Confirmation” in Contact, you need to go to the “My Settings” menu on your page.

In the
“General”
, find the
“Your Page Security”
.
Opposite the “Login Confirmation” item,
you must click on the
“Connect”
.

Now, when you log into your VK account, you will be prompted to “Enter the code.” Which, in fact, is what you should do.

The pin code will only be valid once. One input - one PIN code. Even if “evil people” manage to get your PIN code and login with your VKontakte password, they will not be able to use them. And you will receive in the form of a pop-up window the message “An attempt was made to log into your account from an IP which will contain the IP address of the computer from which they tried to illegally log into your account.

In this case, you should not panic, because... The contact has already prevented an attempt to hack your page. And you will be able to identify and punish a person caught in trouble by the IP address of his computer.

If you do not want to use the PIN input function because, for example, you are at home and log in from your PC. Then you should use the “Remember Browser” function; to activate it, you just need to check the box that pops up. The function will allow you to remember the location and your native browser from which you log in and you will no longer need to enter a PIN code for this browser on your PC. At any time, you can reset all settings either on the current device or on all verified devices.

IMPORTANT! You cannot simply disable this function of confirming entry with a PIN code. When you first log in from your browser on a computer, laptop, smartphone or telephone, you should enter your PIN code once and be sure to check the “Remember browser” box. After this, you will not need to enter your PIN code every time you log into VK from these devices.

If your SIM card is lost or fails, and the PIN code confirmation function is activated, you can use the recovery form via email. The introduction of two-step authorization will protect your personal data, and your account will always be protected by the VK security service.

The practice of double entry is already successfully used in many large social networks such as Twitter, Facebook, Google. Many online banks also use a confirmation PIN. And finally, VK.com has also strengthened the protection of our personal data.

«In contact with

always cares about your safety” - from the very first days of its existence, this motto has been an integral part of this social network. networks. And today another very big and significant step has been taken to secure your account!

Connecting an additional verification method

The new login confirmation feature will allow you to further protect your account from “unwanted” visitors. The feature was added relatively recently and is available to all users. Let's look at the connection steps:

You can activate our function by going to “ My Settings”

", open the "
General
" tab, subgroup of settings "
Security of your page
".
Opposite the “ Login confirmation
” item, click “
connect
”.
Now we have protected our page and activated the feature.
From now on, entering the correct login & password pair will not be enough to access your page. You will need to enter a special code sent to you via SMS. Please note that you need to tick the appropriate boxes. The code sent via SMS message is valid only once, which provides maximum protection against selection. That is, even if the code is intercepted or “sniffed on the phone,” it will no longer be possible to log in. Please note that the “Application for generating codes” function does not inspire confidence in me personally and is not at all convenient. I advise you to turn it off. Let's move on, dear readers. Constant use of proven devices

VKontakte took care of people’s nerves and decided to save us from endless checking on trusted devices. When you log in, you will have the opportunity to remember this device and save yourself from a ton of SMS messages.

Backup codes can help if you've lost your phone or can't receive a verification code via SMS, voice call, or Google Authenticator app. Below is information on how to create backup codes. You can also use them if you don't have a token.

The set consists of 10 backup codes. New codes can be created at any time, but the previous set of codes automatically becomes invalid. In addition, each backup code used becomes invalid.

iOS

To enable two-factor authentication, your device must be running at least iOS 9. The steps required may vary slightly depending on the mobile operating system version.

If you are using iOS 10.3 or higher, then go to settings, click on your name and select “Password & Security”. This way you can enable additional protection: the system will send a text message with a code every time you try to log in.

If you have iOS 10.2 or earlier, you can find two-factor authentication under iCloud → Apple ID → Password & Security.

How to create and view a set of backup codes

To create a set of backup codes:

Sign in to your account at https://myaccount.google.com/security/signinoptions/two-step-verification.
Find the "Backup Codes" section.
Click Settings
or
Show Codes
.
Print or save your current backup codes. Create a new set if your current codes may have been stolen or you have used most of them. To do this, click the GET CODES
.

Note.

Can't find the codes you downloaded? Search your hard drive for “Backup-codes-imyapolzovatelya.txt” and enter your username. For example, a user named google123 would search for "Backup-codes-google123.txt".

So, the next update is the “Login Confirmation” function, and today we will do a full review of it. We'll tell you how it works, how to enable it, configure it or disable it.

Each user wants to save his personal data, which is used when logging in, and does not want his personal documents (photos, correspondence, etc.) to become public knowledge. This is why the developers of the social network are doing everything to prevent this from happening.

What is login confirmation

Login confirmation provides an additional layer of protection against hacking. When using this function to access the page from unregistered browsers and devices, in addition to the password, you will need to enter a security code.

The code can be obtained using the phone number linked to your page.

How to connect login confirmation to VK

To enable this option, you will need to go to the “Settings” menu item and there, on the “General” tab, find the “Your Page Security” section.

By entering your password and clicking on the “Confirm” button, you will launch this option. But, do not forget that after connecting it, one mobile number will not be enough. You will need to submit your application for consideration by moderators.

If you have any questions, ask them on our site and our moderators will answer you as soon as possible!

Today we will talk about one of the most effective methods of protecting your VKontakte page. We will set up authorization on the site in such a way that it will be impossible to access your page until you enter the code received from the SMS that will be sent to your phone number linked to your account. That is, everything will happen in the same way as you use Internet banking.

Therefore, before you start setting up anything, make sure that the current number is attached to your VK page and you are not going to change it. .

The function is quite useful; if you are afraid for your page, then the steps taken will increase its security significantly. Let's get to practice

Signing into a Google user account using backup codes

If you lose your phone or are otherwise unable to receive codes via SMS, voice call, or Google Authenticator app, you can sign in using backup codes. They are available on your account page.

These codes are generated in sets of 10. At any time you can create a new set, automatically deactivating the previous one. Additionally, the backup code will be invalidated once it is used to log in.

We recommend keeping the code with other valuable items. Just like the code on your phone, backup codes are only useful in conjunction with your password.

Create and display a set of Google backup codes

To create a new copy code set:

Sign in to your account at https://www.google.com/accounts/SmsAuthConfig.
Find the section “Backup codes for printing”.
Click Show/Generate Codes.
You can print or download them. If you think this set of codes has been stolen or you need a new set of unused codes, click Generate new codes.

Login to Google using backup codes

Find your backup codes.
Open the page for the Google service you want to log in to (for example, Gmail).
Enter your username and password.
Enter the backup code in the field next to the phone icon.
Please note: Since each code can only be used once, please mark it as used.

How to enable login confirmation on VK

In the top menu in the right corner, click on the button with your miniature and select “Settings” from the drop-down list:

At the next stage, go to the “Security” tab. At the very top we find the “Login Confirmation” section and click on the “Connect” button:

Next, we are provided with a whole petition about confirming your password using a mobile phone. They write how good it is for you and how bad it is for attackers. They also warn that if you enable this function, password recovery by phone number will become unavailable, and therefore we are asked to link the current email and indicate all the correct data on the page. So that it can be easily restored later. ().

We read all this and click on the “Proceed with setup” button

A pop-up window pops up in which we need to enter the password for the page and click on the “Confirm” button:

We enter the confirmation code that should have arrived on our phone and click on the “Send code” button:

The following window pops up, in which they write to us about backup codes and ask us not to forget to print them.

Reserve codes – a list of 10 access codes. These are constant numbers, they do not change and can be useful if you want to go to the page and your phone is unavailable at that time. You can enter one of these codes and get to the page. That's why it's important to print this list and have it with you.

Click on the “Finish setup” button:

Backup codes can be viewed in the same “Security” section. We find the phrase “Backup codes” and opposite it click on the “Show list” link next to it.

That's it, the function is disabled, we have completed the task.

And with this I will finish this article, I hope that the knowledge gained was useful to you and you implemented it, thereby securing your VKontakte account.

Not long ago we published an article on how to protect your VKontakte account from being hacked by hackers and scammers. Unfortunately, many social network users don’t even think about ways to protect their accounts until they become victims of attackers.

One of the most effective ways to make life difficult for hackers of other people’s accounts is to enable VKontakte login confirmation. After entering your login and password, the service will ask for a special password from an SMS or an application on a smartphone, which is quite difficult for a hacker to obtain.

Today we will take a closer look at how to enable two-factor authentication on VKontakte.

Excursion into 2FA

At a time when sites worked over HTTP and no one really thought about security, intercepting traffic with credentials was not at all difficult. Then traffic began to be encrypted, and hackers had to come up with more sophisticated ways to spoof and redirect routes. It would seem that two-factor authentication has finally solved the problem, but the whole point is in the details of its implementation.

Warning . All materials and methods presented below are presented solely for informational and experimental purposes. We remind you that hacking of users’ personal pages and collecting data illegally is punishable by the legislation of the Russian Federation (in particular the Criminal Code of the Russian Federation). Be careful and experiment only with your own or test accounts!

The 2FA (Two-Factor authentication) method was invented as an additional way to verify the account owner. It is based on several authentication methods:

the user knows something (for example, he can answer what his mother’s maiden name was or the name of his first pet);
the user has unique characteristics that can be digitized and compared (biometric authentication);
the user has a device with a unique identifier (for example, a mobile number, a flash drive with a key file).

The first method is also used when recovering passwords using security questions. It is not suitable for regular use, since the answers do not change and can be easily compromised. The second method is more often used to protect data on mobile gadgets and to authorize client applications on servers.

The most popular 2FA method is the third one. This is an SMS with verification codes generated using OTP technology. The code you receive is different every time, so it is almost impossible to guess it.

How is VKontakte hacked?

One of my friends on the social network, Alisa Selezneva, added friends to the conversation with a request to vote for her in the competition using the link. At first glance, there is nothing unusual - many girls participate in various competitions that promise various prizes and often turn to their friends with requests to give them their vote or the coveted like.

But in our case, the burglar who stole my friend's identity was in too much of a hurry. He added all the friends from the hacked account's contact list to one conversation. How often do you create a conversation with all of your friends, relatives, colleagues and neighbors?

By the way, if you insert any other name into the search bar, then the name in the list of contestants will also change.

When you click on any link, a window opens asking you to log in to the VKontakte social network. And here is the real goal of the attacker. The fake login window suggests that the real goal of this phishing site is to get your login usernames and passwords.

This hacking method is very, very simple. The attacker is not yet trying to persuade you to transfer him some money in a personal conversation, is not arranging a meeting, simultaneously asking you to put money into your phone account for a call, or is not trying to get your personal photos for blackmail. Most of the actions occur automatically, and as a result, the hacker ends up with a database of logins and passwords of inattentive users.

What else do you need to know?

For users who post a lot of personal information and photos on VKontakte, losing control over the account can be a real tragedy. The methods presented earlier will certainly help protect your computer from hacking by hackers and unauthorized persons, but this cannot be completely guaranteed. In order not to lose control over your own VKontakte profile, you need to know how to secure your VK page.

Never publish personal information: your phone number, email address, etc. This only makes the task easier for attackers and hackers. Don’t make dubious acquaintances on the Internet, don’t add people you don’t know as friends. This will allow you to secure your VKontakte page, since, according to statistics, hackers most often hack profiles with a large number of subscribers.

You can secure your VK page, as in other social networks, through proper communication with strangers. Do not give them passwords, do not click on unfamiliar links, and do not let your guard down under any circumstances.

We cannot get rid of the criminals who are eager to take over our money in any way, coming up with various sophisticated schemes, hacking our pages on social networks, but we can protect ourselves from the possibility of becoming a victim of such hacks by simply being vigilant and attentive.

Good luck to everyone and secure accounts!