New tool released that may allow bad actors with almost any skill set to bypass many implementations of Two-Factor Authentication (2FA)

Stoel Rives - Global Privacy & Security Blog®
Contact

Stoel Rives - Global Privacy & Security Blog®

Until recently, hackers have had limited success stealing Two-Factor Authentication (2FA) PIN and token information.  Unfortunately, a tool has been released that will now make it much easier for practically any bad actor to bypass many implementations of 2FA:

https://www.zdnet.com/article/new-tool-automates-phishing-attacks-that-bypass-2fa/

This does not mean we should stop using Two-Factor Authentication (2FA). We should still use 2FA, or Multi-Factor Authentication (MFA) wherever possible. What it does mean is that we need to be even more careful about checking to see that we’re on the correct web site before logging in.

Even with this tool, the most impressive fake site still cannot use the real site’s URL, so please ensure your organization’s cybersecurity training and awareness plan regularly highlights the ever-important task of checking the URL in your browser before inputting any credentials.  Of course, tactics like punycode attacks and typosquatting can also be used to complicate verifying the URL; to help ensure your users access safe web sites, consider bookmarking those sites and training your users to only initiate a session with each site by clicking on that bookmark, and not links via other mediums, such as SMS text, other web pages or email.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Stoel Rives - Global Privacy & Security Blog® | Attorney Advertising

Written by:

Stoel Rives - Global Privacy & Security Blog®
Contact
more
less

Stoel Rives - Global Privacy & Security Blog® on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.