Five Most Common Security Attacks on Two-Factor Authentication

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Five Most Common Security Attacks on Two-Factor Authentication-4 Next

Sophisticated malware known as a man-in the-browser – such as Zeus – allows an attacker to falsify a user’s browser display, making the user think that the website is doing what they intend while actually it is doing something completely different, directed by an attacker. The best countermeasure for this is the use of a two-factor technology that independently and securely displays to the user the nature of a transaction being approved. Ideally, this independent display would be on a different device using an independent communications channel.

Following some high-profile password hacks, companies like Apple, Twitter and Evernote have moved to shore up their systems with two-factor authentication. Said to be a great missing security link in many password-driven systems, two-factor authentication technologies that are most widely used today are actually fraught with many of the same risks as password-driven systems.

If you’re considering two-factor authentication, you should consider some of the most common attacks, identified by Jim Fenton, CSO at digital identity provider OneID, on two-factor authentication. Of course, there are many more than five attacks in the world, but these should give a starting point for evaluating others. These examples illustrate the importance of thinking broadly about how two-factor authentication can be defeated. You can be assured that the attackers are doing so.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.