Password-less authentication techniques continue to gain momentum, and large numbers of users now rely on multi-factor authentication (MFA), two-factor authentication (2FA), OTPs, and several other ways to authenticate themselves.
2FA is far from being secure
Together, these techniques are supposed to keep threat actors at bay. But despite these measures, hackers are trying new and more advanced techniques to break into your accounts. As a result, these methods may need to step up their game for enhanced security.
According to CheckPoint, two-factor authentication (2FA) in particular is still far from being secure:
“While 2FA has proved to be far more secure than just user names and passwords – very often the subject of phishing attacks allowed by password re-use, or by brute-force attacks – 2FA is still far from being secure.”
Two-factor authentication and multi-factor authentication techniques aim to address security concerns raised after a wide array of massive data breaches in which passwords (single-factor authentication) were compromised in large numbers.
Explaining multi-factor authentication (MFA)
Multi-factor authentication (MFA) requires users to verify their identity by multiple means. In addition to a username and password, MFA requires additional credentials, such as an OTP, a secret question, biometric authentication, or a combination of all of them.
Two-factor authentication (2FA) is the most common method of MFA and requires two types of information from the user: for example, one-time password (OTP) authentication via SMS in addition to a username and password.
What’s wrong with 2FA?
We use two-factor authentication (2FA) to authenticate access to an online banking account, verify payment transactions, and more. But large numbers of fraudulent credit card transactions take place despite 2FA being in place, and this has weakened the process.
Phishing campaigns and social engineering techniques that trick users into giving up account credentials and one-time passwords (OTPs) call into question the credibility of two-factor authentication (2FA).
Researchers say credential theft easily bypasses 2FA these days. Such attacks can be prevented using a multi-layered approach.
“A multi-layered approach to Mobile Security is needed in order to prevent attacks that aim to abuse accessibility permissions and exfiltrate data from the device, with disastrous consequences to the end user and the service provider.”
Researchers recently caught a new variant of TrickBot campaigns targeting sensitive information and acting as a dropper for other malware. Previously, IBM researchers revealed how TrickBot operators managed to intercept OTP authentication codes sent from banks, courtesy of a malicious app called TrickMo.
Recently, Microsoft said passwords are inconvenient and a drain on productivity.