Five Most Common Security Attacks on Two-Factor Authentication

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Five Most Common Security Attacks on Two-Factor Authentication-5 Next

You also need to consider what happens if you lose one of your authentication factors (or if an attacker pretends to). If the response is to temporarily disable two-factor authentication, then an attacker might be able to social engineer the account recovery process to get access to the account. Worse yet, if you’re using knowledge-based authentication (“What was the name of your first pet?”) for account recovery, these answers are often very easy for an attacker to guess and provide much worse security. Remember that the attacker will pick whatever is the weakest point in your authentication system to attack. It was account recovery more than the lack of two-factor authentication that exposed Mat Honan of Wired Magazine to a widely reported and devastating attack last year.

Following some high-profile password hacks, companies like Apple, Twitter and Evernote have moved to shore up their systems with two-factor authentication. Said to be a great missing security link in many password-driven systems, two-factor authentication technologies that are most widely used today are actually fraught with many of the same risks as password-driven systems.

If you’re considering two-factor authentication, you should consider some of the most common attacks, identified by Jim Fenton, CSO at digital identity provider OneID, on two-factor authentication. Of course, there are many more than five attacks in the world, but these should give a starting point for evaluating others. These examples illustrate the importance of thinking broadly about how two-factor authentication can be defeated. You can be assured that the attackers are doing so.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.