The SolarWinds security fiasco, which Microsoft president Brad Smith described as "the largest and most sophisticated attack the world has ever seen," may have begun, suggested former SolarWinds CEO Kevin Thompson, when an intern first set an important password to "solarwinds123" and then shared it on GitHub. Worse was a company that ever allowed an intern to set such a password.

It's time, well past time, to say good-bye to simple passwords and move to two-factor authentication (2FA) for all our security and Identity and Access Management (IAM) needs.

Doesn't every social network and business with even a pretense of caring about security use 2FA where the second factor is a six-digit number sent to your cell phone number? Well, while using a smartphone for 2FA is OK, a really determined adversary can intercept your smartphone 2FA traffic. So, while personally you might be happy to use texting for your Facebook account, professionally you'll be better off using a more sophisticated 2FA for your Microsoft 365 or Google Workspace.

With 2FA you must have two out of three kinds of credentials to access an account:

- Something you know or can be given: this is commonly a one-time PIN.
- Something you have, such as a secure ID card, a cellular phone, or a hardware security key.
- Something you are: these are biometric factors such as a fingerprint, retinal scan, or voice print.

Phone-based 2FA typically relies on one of two standards: HMAC-based One Time Password (HOTP) and Time-based One Time Password (TOTP). But the way they're implemented, which is most often in text-based 2FA, is another matter. Indeed, the National Institute of Standards and Technology (NIST) says using text-based 2FA is risky. Many security experts think you should stop using text-based 2FA altogether. That's because there are way too many ways to break text-based 2FA.