Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today’s websites offer some form of it, and some of them won’t even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types of organizations to protect users’ accounts with 2FA.
Unfortunately, its popularity has spurred on the development of many methods to hack or bypass it that keep evolving and adapting to current realities. The particular hack scheme depends on the type of 2FA that it targets. Although there are quite a few 2FA varieties, most implementations rely on one-time passwords (OTPs) that the user can get via a text message, voice call, email message, instant message from the website’s official bot or push notification from a mobile app. These are the kind of codes that most online scammers are after.
Read more…
Source: Kaspersky
Related:
- Mastercard: Biometrics use set to skyrocket
July 6, 2018
Biometric technology is set to become an integral part of all online shopping as the need for greater security increases, a new report has claimed. Research from Mastercard claims that one in four online transactions will need a greater level of authentication and security within the next 12 months. New EU regulations governing online fraud are set to come ...
- Behavioral biometrics missing from cybersecurity
January 20, 2018
Recently, there’s been an uptick in the adoption of the NIST Cybersecurity Framework, a set of guidelines aimed at helping organizations improve their overall cybersecurity process. In December 2017, NIST released the second draft of its framework. Among the updates were two critical additions to the Identity Management, Authentication and Access Control guidance. These updates address the disturbing ...
- Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug
August 3, 2017
Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication. The more severe bugs fixed on Wednesday exist in the company’s Identity Services Engine and its Videoscape Distribution Suite. The bypass, which exists ...