Multi-Factor Authentication not very secure
If you thought you were safe because you use multi-factor authentication (MFA), there is bad news for you: MFA can be broken.
While MFA is still a recommended practice and is much safer than having just a password, it does not guarantee your safety. You cannot afford to be complacent.
There are multiple ways to work around MFA:
- For example, your SIM can be swapped, as happened when the Twitter account of Jack Dorsey was hacked.
- Or if the site using MFA is not securely developed, an attacker can bypass MFA anyway and get at your private data.
- Finally, the ubiquitous ‘social engineering attacks’ can get you to divulge your information to an attacker voluntarily, enabling them to inject themselves into the MFA cycle.
I do not want you to panic unnecessarily – after all, the FBI still says "Multifactor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks, …". I would only ask you to make note of the caveat.
- Sridhar Parthasarathy
Last month, the FBI issued a warning to private companies about MFA. The agency said that there is a rising threat of attacks against organizations and their employees that can bypass MFA solutions.
A massive security loophole at Just Dial has just been discovered. The flaw, discovered by an independent security researcher, has exposed almost 156 million unique users across the Just Dial ecosystem, that includes its web, mobile website, app and voice
JustDial claims to have addressed this issue.