Five Most Common Security Attacks on Two-Factor Authentication

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Five Most Common Security Attacks on Two-Factor Authentication-6 Next

Some two-factor authentication systems rely on third parties for the issuance, verification, or communication with verification of physical tokens. The vulnerabilities inherited from third parties are best illustrated by the breach of RSA’s SecurID authentication system in 2011. Although the extent of the RSA breach isn’t fully known, it is thought that the attackers could have gotten access to information to create counterfeit tokens.

Authentication using SMS text messaging and other telephony-related means is dependent on the mobile carrier’s practices for assigning and reusing phone numbers. If an attacker can convince the carrier that they are the user and they lost their phone and need a new one, they would be in a position to intercept text messages and phone calls, providing the second authentication factor. This has led to a request from some Australian telecoms that banks not use SMS for two-factor authentication.

Following some high-profile password hacks, companies like Apple, Twitter and Evernote have moved to shore up their systems with two-factor authentication. Said to be a great missing security link in many password-driven systems, two-factor authentication technologies that are most widely used today are actually fraught with many of the same risks as password-driven systems.

If you’re considering two-factor authentication, you should consider some of the most common attacks, identified by Jim Fenton, CSO at digital identity provider OneID, on two-factor authentication. Of course, there are many more than five attacks in the world, but these should give a starting point for evaluating others. These examples illustrate the importance of thinking broadly about how two-factor authentication can be defeated. You can be assured that the attackers are doing so.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.