Two factor authentication (2FA) is proving not to be enough to stop hackers

Once upon a time, computer security required no more than a username and password.

Then, as more and more systems were compromised, two-factor authentication was introduced.

Two Factor Authentication for Security

2FA is meant to provide an extra layer of security as a backbone to the standard username/password combo.

Unfortunately, though 2FA has been proven to block a large number of automated attacks by cyber criminals, it’s not quite enough to keep all hackers at bay.

There are ways for attackers to circumvent 2FA.

2FA solutions that utilize SMS and voice calls typically have poor security that provides little protection for the user.

Two Factor Authentication and SIM Swapping

Sim swapping is a well-known way to circumvent 2FA. With sim swapping, the smooth talking attacker needs to use some very basic private information about the victim in order to convince the customer service agent of the victims’ cell phone provider that they’re the victim of an attack themselves. The hacker then requests that the victim’s phone number be switched to whichever device the hacker would like.

Two Factor Authentication and Reverse Proxy

Another way of bypassing 2FA is with reverse proxy. With reverse proxy, the hacking application will intercept communication between a genuine service and the victim. The app will then track and record the victims’ interactions, including any login credentials the victim used to access the service.

Not all hacking requires computer masterminds; sometimes, cybercriminals are master manipulators and/or have figured out how to use legitimate apps for nefarious purposes.

Even though 2FA isn’t as protective as it potentially could be, it’s still important to use it and to protect yourself online as much as possible.

In addition to 2FA, having a strong password is vital. Using a secure password manager can help make it so you don’t have to struggle to remember your password.

Using app-based 2FA methods can help protect against attackers too, such as with Google Authenticator, since the code isn’t sent through SMS.

By far the best way to protect against cyber criminals is with hardware tools that plug into your computer, such as a YubiKey.

Let RHYNO Networks Secure Your Business

Multi-factor authentication will increasingly be required in order to keep systems in the future secure as hacking methods and tools have become more sophisticated. Protecting yourself now rather than waiting for an attack to happen is key.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648

two factor authentication