Cyber security news for all

More

    Account hacked despite 2-factor authentication?

    More and more companies rely on two-factor authentication. With the creativity that users have when assigning their passwords, it is no wonder that the transfer of employee accounts continues to be a core problem of IT security.

    2FA Doesn’t Necessarily Hold Better

    At this point, the use of a solution for two-factor authentication (2FA) promises more security. Another factor is included in the authentication process, which creates an additional barrier in the event of attacks and is intended to slow down attackers. For this, ownership components are used more often. Two-factor authentication is not always two-factor authentication – different technologies are also used in this area, some of which differ greatly from each another and have different advantages and disadvantages in terms of security in general, but also the risk of attack.

    2-factor authentication

    Two-Factor Authentication With SMS Tokens

    The best known type of two-factor authentication runs with SMS tokens. A random code is generated each time a user logs in and sends to the user’s smartphone a SMS. According to a blog post from Google, automated bot attacks can be completely blocked in this way. With large-scale phishing campaigns, this value is almost 100 percent. Nevertheless, SMS tokens are rightly considered the least secure 2FA variant. If attackers succeed in outsmarting the mobile operator and porting the victim’s phone number to a SIM card, the tokens can be intercepted using swap attacks. A SIM token can also be reused if it is sent to a malicious server as part of a social engineering campaign.

    2FA With Smart Cards

    Smart cards or integrated circuit chip cards are typically used for two-factor authentication in highly secure Windows environments. The smart card is the size of a normal credit card, but is equipped with an integrated chip that stores a digital certificate that is used to uniquely identify the user. This certificate is encrypted and must be activated with a PIN. This means that the hardware-based certificate has strong security features. For larger companies however, managing a public key infrastructure is extremely time-consuming – especially if the smart cards have to be made available at various locations on an international level.

    Recent Articles

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Judge issues injunction against WeChat

    The US government wanted to take action against the app WeChat. A judge stood sideways. The app should disappear from the platforms in the...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox