Five Most Common Security Attacks on Two-Factor Authentication

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Five Most Common Security Attacks on Two-Factor Authentication-3 Next

Network-based man-in-the-middle (MITM) attacks are typically dealt with by cryptographic network protocols (SSL/TLS). However, forgery of fraudulent cryptographic certificates, while relatively rare, has shown flaws in this dependency. This can be accomplished by injecting fake root certificates in the browser’s trusted certificate database, or by compromising any of the many root certificate authorities already listed there. If an attacker is able to become an undetected intermediary, they can perform all of the capabilities of the key logging and redirection threat, but with less presence (and detectability) on the user’s computer.

Following some high-profile password hacks, companies like Apple, Twitter and Evernote have moved to shore up their systems with two-factor authentication. Said to be a great missing security link in many password-driven systems, two-factor authentication technologies that are most widely used today are actually fraught with many of the same risks as password-driven systems.

If you’re considering two-factor authentication, you should consider some of the most common attacks, identified by Jim Fenton, CSO at digital identity provider OneID, on two-factor authentication. Of course, there are many more than five attacks in the world, but these should give a starting point for evaluating others. These examples illustrate the importance of thinking broadly about how two-factor authentication can be defeated. You can be assured that the attackers are doing so.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.