Organizations are increasingly adopting two-factor authentication (2FA) to verify the identity of users. But this can give a false sense of security to those users and organization. A paper for IEEE (wonderfully summarized by Boing Boing in the article shown below) illustrates how an attacker could exploit this technology to their benefit. Are we likely to encounter these type of hacks in the real world? Maybe not, but we should be careful to assume that these technologies are full proof.
http://boingboing.net/2017/06/22/security-questions-suck.html
Is your organization susceptible to this kind of attack? What does your organization do to prevent this exposure?
Comments are closed.